0

I would like to make services available to several clients via VPN. I am using a router that is capable of establishing a VPN connection as a client (ASUS RT-AC51U). I set up a CA, created certificates, private keys, .conf files - everything works fine:

  • I can connect to the VPN and see several devices on the server side (Router, RPI working as VPN server)
  • When I connect the mentioned router as a VPN client to the network I can use the services exposed by the server network

Now I wanted to expose the clients (or at least one of them) behind the ASUS router to the VPN.

Options like using iroute and push "route ..." didn't work, so I resorted to port forwarding from specific clients in the subnet, which does not work either.

I can:

  • ping the router using its VPN address 10.X.X.X
  • I managed to forward the HTTP server port, so I can send requests to the WAN address of the ASUS router

I cannot:

  • send an HTTP request to the VPN address, so I assume the port forwarding does not work on the tunnel adapter
  • expose the network behind the router using OpenVPN server and client configuration

Scanning the VPN IP using nmap revealed no open ports. Scanning the WAN IP revealed the open ports on the other hand.

My questions:

Is it actually possible to expose the subnet behind the ASUS router? The router is connected to its network via its WAN-port. Would I need to disable the firewall? Would I need to disable NAT in the ASUS router? Would exposing one specific client help?

1 Answer

0

Apparently I had not considered one case: I cannot set up the firewall to pass traffic through my tunneling interface.

So I flashed the firmware with the most current build of OpenWRT and managed to set up a port forwarding (test case) from an HTTP server I had running on my device and can access the server using the VPN IP of the router.

Although it took me a while to figure everything out, the whole process was actually pretty easy!

I am still testing and finishing the whole setup for my use case, yet I am very positive it will work!
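As an added illustration (not part of the original answer and not the poster's actual configuration), this is one way the port forward described above can be expressed in OpenWrt's `/etc/config/firewall` while keeping the firewall and NAT enabled. The tunnel device name `tun0`, the zone name `vpn`, the rule name and the LAN host address `192.168.1.10` are assumptions chosen for the example.

```uci
# Added example: assumed names and addresses, adjust to the real setup.

# Put the OpenVPN tunnel device in its own zone so it gets its own policy
# instead of inheriting the WAN or LAN rules.
config zone
	option name 'vpn'
	list device 'tun0'        # assumed tunnel device name
	option input 'REJECT'     # VPN peers cannot reach services on the router itself
	option output 'ACCEPT'
	option forward 'REJECT'   # nothing is routed from the VPN unless a rule allows it

# Forward only TCP/80 arriving on the router's VPN address to one LAN host.
config redirect
	option name 'vpn-http-to-lan-host'   # hypothetical rule name
	option target 'DNAT'
	option src 'vpn'
	option proto 'tcp'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '192.168.1.10'        # constructed example address of the HTTP server
	option dest_port '80'
```

With `input` set to `REJECT`, the router no longer answers pings on its VPN address unless a separate rule allows ICMP from the `vpn` zone. The LAN host must also use the router as its gateway so replies return through the tunnel.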
