Configuration Assistance for VPN (Max Transit and Max BR1)

Home user.

I have a Max Transit - although it supports OpenVPN, I don’t want to purchase the license (waiting for WireGuard - hah!). Currently I use WiFi as WAN to an old Surf Soho, and run OVPN on that. Performance is lacking (about 10 Mbps throughput tops).

I also have an old Max BR1 which I DID install the OVPN client on - but it has no WiFi. Throughput with OVPN is better (20 Mbps range) than on the Surf Soho.

How would I link the Max Transit to the BR1 using Ethernet so that I can run OVPN on the BR1, but have it loop back to the Max Transit to broadcast the VPN network via WiFi? Currently I’m not using any of the Ethernet ports on the Max Transit (cellular WAN only and WiFi throughout the house).


1. Plug Transit WAN into BR1 LAN
2. Set outbound policy on BR1 to send all traffic via OpenVPN WAN
3. Create a new VLAN on the Transit.
4. Set Outbound policy to use the Wired WAN for that source VLAN
5. Set default outbound policy to use cellular WANs
6. Create new SSID on Transit with same VLAN ID as the one you just created.
7. Make yourself a cup of tea. Sit back and admire and enjoy your triumphant OpenVPN daisy chain!
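
The recipe above as a small traffic-flow model, added here as an example and not part of the original post or of Peplink's software. It assumes outbound policy rules are matched top to bottom and that the Transit source-NATs on its wired WAN; the lease 192.168.49.20, the 192.168.50.10 client and the BR1 cellular fallback are constructed values.

```python
from ipaddress import ip_address, ip_network

# Simplified model (assumption): rules are checked top to bottom, first match
# wins, and the Transit source-NATs traffic leaving its wired WAN.
TRANSIT_WAN_IP = "192.168.49.20"   # constructed: DHCP lease from the BR1 LAN

TRANSIT_POLICY = [                       # steps 3-5 of the recipe
    ("192.168.53.0/24", "Wired WAN"),    # source VLAN -> cable to the BR1
    ("0.0.0.0/0", "Cellular"),           # default for everything else
]
BR1_POLICY_ALL = [("0.0.0.0/0", "OpenVPN WAN")]   # step 2: all traffic
BR1_POLICY_BY_VLAN = [                   # variant keyed on the pre-NAT source
    ("192.168.53.0/24", "OpenVPN WAN"),
    ("0.0.0.0/0", "Cellular"),           # assumed BR1 fallback uplink
]

def pick_wan(policy, src):
    """Return the WAN of the first rule whose source network contains src."""
    for network, wan in policy:
        if ip_address(src) in ip_network(network):
            return wan
    raise ValueError(f"no rule matches {src}")

def egress_path(client_ip, br1_policy):
    """Follow one client flow through the Transit and, if routed there, the BR1."""
    wan = pick_wan(TRANSIT_POLICY, client_ip)
    path = [f"Transit:{wan}"]
    if wan == "Wired WAN":
        # After NAT the BR1 sees the Transit's WAN address, not the client's.
        path.append(f"BR1:{pick_wan(br1_policy, TRANSIT_WAN_IP)}")
    return path

if __name__ == "__main__":
    for client in ("192.168.53.7", "192.168.50.10"):
        print(client, egress_path(client, BR1_POLICY_ALL))
    print("192.168.53.7", egress_path("192.168.53.7", BR1_POLICY_BY_VLAN))
```

In this model the source-based rule only works on the Transit: a BR1 rule keyed on the VLAN subnet never matches NATed traffic, so the flow would leave outside the tunnel.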

Thanks - Not having much luck.

Configuration so far - because as described above confusing.

On Max Transit -
Network = IOT (for VPN-connecting devices). 192.168.53.0 / 24
VLAN = 3
DHCP Enabled - 53.3 through 53.15
Wireless Network:
SSID = IOT
VLAN ID = 3

WAN Port - Configured as LAN
Outbound Policy - Set to wired WAN for source IP network 192.168.53.0 = 100% (BUT wired WAN is now LAN port, so not sure of effect)
Default Outbound Policy = Cell WAN

On BR1:
WAN Port - Connected via Ethernet to Transit WAN (set as LAN) port.
Successfully gets IP via DHCP (53.13)

Outbound Policy -
Source = IP network 192.168.53.0
Weighted Balance - OpenVPN WAN (100%)

Networks - Non-except local lan access to access via LAN ports (192.168.48.1).

OpenVPN does not connect. Sits and spins before ultimately disconnecting. Not sure what I’m doing wrong.

If you want to route traffic from the Transit through the BR1 via OpenVPN you will want the BR1 on the WAN of the Transit.

Check logs and work out why. Can you use the same credentials on your laptop using the OpenVPN client and connect?

OK - trying one step at a time.

  1. Plug one end of cable into Transit WAN. Where does Transit wired WAN get IP from at this point? It appears to pick up an address from the only LAN on the BR1 (192.168.49.xx)? Is this expected?

On the BR1 - I get Wired WAN = No cable connected (because connected to LAN); Open VPN WAN uplink not ready.

Do I need to set up IP forwarding on the Transit wired WAN? If so, how to set up addressing on the BR1 LAN port?

Desired config with questions given the above solution from ML:

Well - sort of got this to work with a static route between the two WAN ports, and NAT on both the BR1 and Transit WANs. The VPN client on the BR1 did connect and get an address …

But then I ran into NAT issues (double-NAT?), because although I could ping from the Transit to the mgmt host on the BR1 (as well as the BR1 WAN IP), I couldn’t successfully ping back the other way…

Experimentation continues…

Gave up and bought the license.