er605 client to LAN VPN setup - tunnel active but no access to remote network

I have two ER605s:
One (Router 1) running an OpenVPN server on a non-NAT network with a static IP address. This is accessible through the Windows OpenVPN client. I can connect, I can see the remote network, I can see the internet, my public IP address is the one on the remote network - exactly what I want. I've also set up a GL-iNet router to connect to this OpenVPN server, and I can see mostly what I need, although the internet DNS isn't working properly, I didn't labour on that too much as I only connected it to see if it would connect.
The other (Router 2) is running an OpenVPN client on a dynamic IP address, behind NAT.
I'm trying to connect Router 2 to the Router 1 network and no matter what I do, I cannot see the remote network in any way. I've followed various sets of instructions to connect these two routers, but none of them ever seemed to fit my scenario exactly so I'm convinced that in my translation to my scenario, I'm missing something.
This is my tunnel list, it's showing as working there:
This is the client set up:
Any pointers on what else I might need to change? Or any more information needed?
Thanks
Dave
Eventually, after much messing, I scrapped one of my er605s and got a fr205 and that one works using an OpenVPN client/server setup.
So no real fix except maybe the er605 is faulty
Which OpenVPN Server are you using? If you import the OVPN file to your PC, do you get a username and password or just a password when you log in to the OpenVPN server?
Thanks for your response. This is the setup for the other er605 that's running the OpenVPN server:
If you try from an OpenVPN client from the PC, does it work then? The VPN IP pool should not overlap any of the other networks you have; use an IP pool that is not in use elsewhere.
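Added example (not part of any post in this thread): a small Python check for the pool-overlap advice in the reply above. The network names and addresses are constructed sample values, not taken from the poster's routers, and the check also compares the two site LANs with each other, which goes beyond what the reply states.

```python
import ipaddress
from itertools import combinations

def find_overlaps(networks):
    """Return (name_a, name_b) pairs whose address ranges overlap.

    `networks` maps a label to a CIDR string. Host bits are tolerated
    (strict=False) because router UIs often show the gateway address
    with a mask, e.g. 192.168.0.1/24, rather than the network address.
    """
    parsed = {n: ipaddress.ip_network(c, strict=False) for n, c in networks.items()}
    clashes = []
    for (a, net_a), (b, net_b) in combinations(parsed.items(), 2):
        # Only compare like with like: IPv4 and IPv6 ranges never overlap.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            clashes.append((a, b))
    return clashes

def pick_free_pool(networks, candidates):
    """Return the first candidate CIDR that overlaps none of `networks`, else None."""
    for cand in candidates:
        trial = dict(networks, candidate=cand)
        if not any("candidate" in pair for pair in find_overlaps(trial)):
            return cand
    return None

# Constructed sample values (assumptions, not from the thread).
BROKEN = {
    "router1_lan": "192.168.0.0/24",   # site with the OpenVPN server
    "router2_lan": "192.168.1.0/24",   # site with the OpenVPN client
    "vpn_pool":    "192.168.1.128/25", # pool carved out of router2's LAN
}
FIXED = dict(BROKEN, vpn_pool="10.8.0.0/24")

if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        clashes = find_overlaps(plan)
        print(label, "->", clashes if clashes else "no overlaps")
```

When a pair is reported, traffic for the shared range is answered locally instead of being routed into the tunnel, which matches a tunnel that shows as up while the remote network stays unreachable.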
David-Mc wrote
I have two ER605s:
One (Router 1) running an OpenVPN server on a non-NAT network with a static IP address. This is accessible through the Windows OpenVPN client. I can connect, I can see the remote network, I can see the internet, my public IP address is the one on the remote network - exactly what I want. I've also set up a GL-iNet router to connect to this OpenVPN server, and I can see mostly what I need, although the internet DNS isn't working properly, I didn't labour on that too much as I only connected it to see if it would connect.
The other (Router 2) is running an OpenVPN client on a dynamic IP address, behind NAT.
I'm trying to connect Router 2 to the Router 1 network and no matter what I do, I cannot see the remote network in any way. I've followed various sets of instructions to connect these two routers, but none of them ever seemed to fit my scenario exactly so I'm convinced that in my translation to my scenario, I'm missing something.
This is my tunnel list, it's showing as working there:
This is the client set up:
Any pointers on what else I might need to change? Or any more information needed?
Thanks
Dave
If you want to create a site-to-site, you should set the IPsec.
The config looks good for both sites.
Are you able to ping the other site gateway IP address?
I did initially try the site-to-site IPSec option but because I'm behind NAT/dynamic IP address on one site, and the case study in the instructions was based on static IP at both ends, I didn't/couldn't work out the substitutions I needed to make. Is this actually possible without static at both ends?
I can't remember if I could ping the other gateway, I'll check that.
David-Mc wrote
I did initially try the site-to-site IPSec option but because I'm behind NAT/dynamic IP address on one site, and the case study in the instructions was based on static IP at both ends, I didn't/couldn't work out the substitutions I needed to make. Is this actually possible without static at both ends?
I can't remember if I could ping the other gateway, I'll check that.
SD-WAN then. SD-WAN could be an option for the site that does not have a public IP.
Site-to-site IPsec VPN works fine if one site is a dynamic IP, as long as one end is a static IP.
You set the dynamic IP end as the initiator, and the static IP end as the responder with the "remote gateway" set to 0.0.0.0.
Hi
I tried that previously and I couldn't get past the error: For an IPsec policy with the same IP address at both ends, the parameters in Phase-1 should be kept the same.
As soon as I took out 0.0.0.0 and put in a random IP address the error stopped but obviously that's not what I want. Do you know what the above error message means?