Site to Site VPN - OpenVPN on Asus Router (OE Firmware)
Asus routers are painful, and OpenVPN isn't as intuitive as a network appliance such as a Cisco router.
Most configuration is pushed server side, including the satellite site routes.
The ASUS OE firmware configuration is dynamically generated and applied at each boot, so you have to work your configuration into the UI and the jffs partition.
*Note: I haven't bothered with security key authentication since it's just a small test network.
ASUS Router Headend: 192.168.1.0/24
Ubuntu Raspberry Pi Satellite: 192.168.200.0/24
client-config-dir /jffs/openvpn/ccd # jffs persistent partition
topology subnet
client-config-dir ccd
client-to-client
username-as-common-name
# Remote routes
route 192.168.200.0 255.255.255.0 10.8.0.2
# These routes are pushed out to other connecting clients/site and hairpin via the headend
push "route 192.168.200.0 255.255.255.0 10.8.0.1"
#end
JFFS files *on the server side
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.200.0 255.255.255.0
route 192.168.1.0 255.255.255.0
push "route 192.168.200.250"
push "route 192.168.200.0 255.255.255.0"
pull-filter ignore "route 0.0"
pull-filter ignore redirect-gateway
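The server-side `route` and the per-client `iroute` above have to describe the same subnet: `route` sends the traffic into the tunnel, and `iroute` tells OpenVPN which client owns it. The following checker is an added example, not part of the original post; the sample text is constructed from the directives shown above, and the CCD file name `satellite` is a hypothetical client name (with username-as-common-name it would be the login username).

```python
import ipaddress

# Constructed sample input, built from the directives shown on this page.
SERVER_CONF = """\
topology subnet
client-config-dir ccd
client-to-client
route 192.168.200.0 255.255.255.0 10.8.0.2
push "route 192.168.200.0 255.255.255.0 10.8.0.1"
"""
# "satellite" is a hypothetical CCD file name (the client's common name).
CCD_FILES = {"satellite": """\
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.200.0 255.255.255.0
"""}

def directives(text, name):
    """Yield the argument list of each `name` directive, ignoring comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]

def network(args):
    """Turn ['192.168.200.0', '255.255.255.0', ...] into an ip_network."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}")

def check_site_routes(server_conf, ccd_files):
    """Return a list of findings; an empty list means route/iroute agree."""
    findings = []
    routes = {network(a) for a in directives(server_conf, "route")}
    iroutes = {}
    for client, text in ccd_files.items():
        for a in directives(text, "iroute"):
            iroutes.setdefault(network(a), []).append(client)
    for net, clients in iroutes.items():
        if len(clients) > 1:
            findings.append(f"{net}: iroute claimed by several clients {clients}")
        if not any(net.subnet_of(r) for r in routes):
            findings.append(f"{net}: iroute for {clients[0]} has no server 'route'")
    for net in routes:
        if not any(i.subnet_of(net) or net.subnet_of(i) for i in iroutes):
            findings.append(f"{net}: server 'route' has no client 'iroute'")
    return findings

if __name__ == "__main__":
    print(check_site_routes(SERVER_CONF, CCD_FILES) or "route/iroute consistent")
```

The check treats every server `route` as a VPN route, which is an assumption that holds for the configuration on this page.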
Running OpenVPN Client as a Service with a Password
/etc/systemd/system/openvpn-client.service
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client.ovpn --auth-user-pass /etc/openvpn/login.conf
DNSMasq Forwarding Local Domain
Place an autorun file on a USB drive to hook the ASUS mount autorun script on boot.
/jffs/configs/dnsmasq.conf.add
server=/home.local/192.168.200.250
cat /jffs/configs/dnsmasq.conf.add >> /etc/dnsmasq.conf