Hello,
I’d need some help with setting up two OpenVPN client/server scenarios.
In my European home, I have a working Balance 305 + FusionHub on a static public AWS IP, wan smoothing, some port forwarding. All works well, all devices in the LAN that are routed to the FusionHub see the public AWS IP and from outside the LAN I can access the local devices whose ports are forwarded to.
In my US home, I have an Asus router running an OpenVPN server with public dyndns IP. In the router I generated a .opvn file that I can load in OpenVPN Connect in my smartphone or PC’s outside the US LAN and connect to its local devices.
Also the PC’s in the European LAN can connect to the US openVPN server, but on a pc to pc basis installing OpenVPN Connect client.
Now I’d like to do two separate things, even if not at the same time:
-
From outside the European LAN, using OpenVPN Connect in PC’s or smartphone, connect to the Balance 305’s LAN and access the local devices without need of port forwarding (same as what I already do with my Asus router in the US). So there would be to be an OpenVPN server somewhere in the European LAN, whether it is the Balance 305, the FusionHub or the AWS ?
-
I like the European LAN devices to see, on a “as needed basis”, not the AWS IP but the US IP of my US Asus router (for streaming movies using my US-based accounts)
I said on point 1) that I am already doing this on a PC to PC bases using OpenVPN Connect client installed in the PC’s, but one of the LAN devices is a employer-locked laptop where nothing can be installed, so I would need the Balance or Fusion Hub to act as a VPN client connected to the US Asus openVPN server.
Are the two scenarios above possible, and where could I find step to step directions?
Thanks!
Hi all,
I found out how to do 2) : how to have the European LAN devices see the US Asus IP
Either of these two options seem to have the same effect:
-
in the FusionHub: Advanced - OpenVPN: import opvn file, insert user and password. Only option for connection is WAN. By doing this, all the European LAN devices under the Balance 305 see the US IP. But ALL, the one routed through FusionHub, and the ones that are not.
-
Exdactly the same thing in the Balance 305. Here the connections options are as many as the WAN’s connected to the Balance 305 (FusionHub not being there). Again, no matter the WAN chosen, ALL LAN devices see the US IP
I guess this is good enough for me, but I wonder: how to limit the US IP to only the devices routed though the FusionHub? Why entering the opvn settings in the FusionHub only, still affects all the devices behind the Balance 305? I don’t know.
Alright, I also found out how to do 1), so I’ll write it here if it helps anybody.
I found two ways (fw 8.4.1)
Option 1: run openVPN server in the Balance 305:
in FusionHub, I just forwarded port 1195 UDP to local LAN ip of the Balance 305.
In the Balance 305, I went to Advanced-“Remote User Access”, select Enable, select OpenVPN, select all connections, select user and password, Save and Apply settings.
Then I went to Status-Device, and clicked on blue link “Route all traffic”. This downloaded the opvn file to ingest into OpenVPN Connect client., with port UDP 1195.
This option works 100%: I can reliably ping all the LAN devices and navigate the internet seeing as public IP one of those of the WAN set in the Balance 305.
Alternate option 2: run openVPN server in the FusionHub.
In the FusionHub, I went similarly to before to Advanced-“Remote User Access”, select Enable, select OpenVPN, select WAN, select user and password, Save and Apply settings.
Then I went to Status-Device, and clicked on blue link “Route all traffic”. This downloaded the opvn file to ingest into OpenVPN Connect client., this time with port UDP 1194.
But this last scenario has a big problem: no internet in the external PC where OpenVPN Client is running! I cannot ping 8.8.8.8, I cannot navigate, and although I can ping the local LAN devices, the first ping is always lost.
I think I am missing a route or an outbound forward policy, not sure whether in the FusionHub or in the Balance 305, can anybody help with that?
Thanks!