Double hop VPN with Omada

Double hop VPN with Omada

Double hop VPN with Omada
Double hop VPN with Omada
2 weeks ago - last edited 2 weeks ago
Model: ER605 (TL-R605)   OC200  
Hardware Version:
Firmware Version: 2.2.6

Hello everybody,

 

i have a ER605 v2.0 and it is configured as a Open VPN Client which connects to a Open VPN-server. this works perfect. Everbody in the network behind the ER605 has access to the server.

 

When i´m not in the offfice, i use a VPN connection to access the ER605 to be part of its network. This also works perfect. On the ER605 is a Open VPN-server running. 

 

The problem is, when i am connectet by vpn to the ER605, i can not connect to the server which is connected by the second VPN. After hours of searching at google, i just found out that it is called a doube hop.

 

Can you help me to solve the problem?  

 

Thank you!

 

regards from Germany

Christian

 

   

  0      
  0      
#1
Options
13 Reply
Re:Double hop VPN with Omada
2 weeks ago

And i have a second question:

 

When a user is connected to the router by VPN, Omada is not showing the device in the device-overview. Why? 

  0  
  0  
#2
Options
Re:Double hop VPN with Omada
2 weeks ago - last edited 2 weeks ago

  @ChristianSchaaf 

 

you need to create a route where the next hop is the remote OpenVPN ip

 

 

 

SORRY this only work if you use Wireguard as Client on computer. 

 

 

 

  0  
  0  
#3
Options
Re:Double hop VPN with Omada
2 weeks ago

  @MR.S 

 

Thank you for your reply.

I assumed that i have to create a route. But i don´t know how to do it. Can you help me? 

In the configuration there are the settings for the routing. I can choose between static route and policy routing. Here you ca find 2 screenshots. It looks different to your screenshots. 
 

 

  0  
  0  
#4
Options
Re:Double hop VPN with Omada
2 weeks ago

  @ChristianSchaaf 

 

I'm sorry but it only works if you have wireguard as a client, I tested a bit with the setup you have with openvpn on pc but then the routing wouldn't work.

My setup is OpenVPN between two routers and wireguard as the client on pc that connects to wireguard server.

 

so if you have the opportunity to set up a wireguard server it will work.

 

 

routing is configured like this

 

 

 

 

 

  0  
  0  
#5
Options
Re:Double hop VPN with Omada
2 weeks ago

  @ChristianSchaaf 

 

 

Ok I get it to work with OpenVPN to, you have to route to your OpenVPN IP Pool to like this. this is IP Pool in your Server config that client connet to

 

 

 

  0  
  0  
#6
Options
Re:Double hop VPN with Omada
2 weeks ago

  @MR.S 

Hi

 

i will try it! 

 

But just to be sure... in your example, the 10.20.1.1 is the IP of the router (wireguard server and OpenVPN Client) and the 10.93.5.1 is the IP of the server (OpenVPN Server)? Or is the 10.93.5.1 the router and 10.20.1.1 the server? 

  0  
  0  
#7
Options
Re:Double hop VPN with Omada
2 weeks ago
Sorry, i have not seen your second post!
  0  
  0  
#8
Options
Re:Double hop VPN with Omada
2 weeks ago

  @ChristianSchaaf 

I wrote it wrong, 10.20.1.1 should be 10.20.1.0/24 that is remote LAN


10.93.5.1 is remote OpenVPN server ip address

 

 

and 10.77.88.1 is OpenVPN server that client connect to and this serveren is configurert with full tunnel mode, if not full you have to add remote network in server config to.

 

 

 

Good luck with the project :-)

 

 

  0  
  0  
#9
Options
Re:Double hop VPN with Omada
2 weeks ago

  @MR.S 

 

Let´s do a example please. 

 

On the Omada Router i have these Open-VPN-Server-Settings: 

 

 

If i connect with a client, the client gets the 192.168.98.20 for example.

 

And here is the config of the Open-VPN-Client on the Omada router for the "jump" to the server 80.82.218.154

 

 

The Omada router receivs the following IP.

 

 

Now i´m still not sure, what IPs i have to fill in for "Destination IP" and "Next hop".

 

Thank you! 

  0  
  0  
#10
Options
Re:Double hop VPN with Omada
2 weeks ago - last edited 2 weeks ago

  @ChristianSchaaf 

 

In this example I have connection to remote network with ip 10.20.2.0/24 that is routet to 10.93.5.1 and second line is routeing to local OpenVPN Server to get comunkation both way fro 10.20.2.0/24

 

 

 

 

 

  0  
  0  
#11
Options