VPN network Theory (Gargoyle)

[ispyisail]

Hi all

I'm trying to create a VPN route without any luck. Just wondering if the experts have any thoughts

Source is PC 1, target is PC 3



Routing Table on Router 192.168.175.1

[ispyisail]

Trace route didn't really tell me much

[ispyisail]

BTW I had to edit the route file via the command line

[Lantis]

You have a route for 192.168.1.0/24 to both WAN and tun0. You can’t do that.
Why is the route via WAN there?

[ispyisail]

Good spot

I'm double Natting, I've still got the VLAN 10 problem

I've found in the past that the VPN takes precedence over the WAN so if the downstream router is 192.168.1.1 and the VPN router on the other end is also 192.168.1.1 it will ignore the downstream router.

Tomorrow I will change the downstream router subnet so it looks better and eliminates a possiable problem

[ispyisail]

Double Nating removed

There is something else in the client VPN router that forces traffic to use the VPN route

[ispyisail]

Looks like this person might be trying to do a similar thing

https://forum.openwrt.org/t/how-to-set- ... ble/122766

[ispyisail]

It appears that the custom route is not added to the route table

Code: Select all

root@Gargoyle:~# ip route
default via 203.xxx.xxx.254 dev eth0.2 proto static src 203.xxx.xxx.226
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
10.64.0.0/24 dev wg0 proto kernel scope link src 10.64.0.1
192.168.2.0/24 via 10.8.0.1 dev tun0
192.168.10.0/24 via 10.8.0.1 dev tun0
192.168.16.0/24 via 10.8.0.1 dev tun0
192.168.20.0/24 via 10.8.0.1 dev tun0
192.168.33.0/24 via 10.8.0.1 dev tun0
192.168.123.0/24 via 10.8.0.1 dev tun0
192.168.175.0/24 dev br-lan proto kernel scope link src 192.168.175.1
203.xxx.xxx.0/24 dev eth0.2 proto kernel scope link src 203.xxx.xxx.226
root@Gargoyle:~#

[Lantis]

What does the "route1" section of /etc/config/network show? (it should be at the bottom).
I suspect it shows interface = 'tun0'?
Try making that "tun". I know that might be a bit counterintuitive given the rest of them say tun0.

I can't run a test for you at the moment as i'm in the middle of updating Gargoyle to 23.05 and I haven't got OpenVPN working yet.

[ispyisail]

ill try tun

current file

Code: Select all

config route 'route1'
	option target '192.168.1.0'
	option interface 'tun0'
	option gateway '10.8.0.1'
	option netmask '255.255.255.0'

The whole file just in case

Code: Select all

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd36:fe34:f529::/48'

config device 'brlan_dev'
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.175.1'
	option ip6ifaceid '::1'
	option dns '192.168.175.1'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr '68:ff:7b:47:69:98'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option ipv6 '0'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'none'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '8NA/I1B+JeGjc5AyQS0AxxxxxxexJ1ArL/r7UNzHk='
	option listen_port '51820'
	list addresses '10.64.0.1/24'

config route 'route1'
	option target '192.168.1.0'
	option interface 'tun0'
	option gateway '10.8.0.1'
	option netmask '255.255.255.0'