RBR40 VPN setting

---

@h0u5er wrote:

I have RBR40 build V2.5.1.16 and I enable the VPN feature which can be working successfully all the time.

In recently, I wonder the RBR40 master router can assign the specify IP address, netmask, gateway, and DNS server to my laptop when I connect to the VPN by tunnelblick? It's possible can I ssh to my master router and configure the openvpn service?

 

 

 

----------------------------------------------------------------------------------

---

Perhaps you could expand on the question.  The Orbi router does use DHCP to  assign an IP address, netmask, gateway, and DNS to the client computer.  Are you asking if you can configure these values?  The Orbi router/satellite do not support ssh connections. They do support telnet, which can be activated from the Orbi debug web page (http://orbilogin.net/debug.htm)

My Orbi has enabled the DHCP for the local user and it will assign an IP address, netmask, gateway, and DNS server to the local client. BTW, the gateway address and DNS address is the same as Orbi's address itself. 

But my question is can we assign another gateway address and DNS server settings to the client who will be requesting network information through a VPN connection? I mean I plan to use the other address (NOT Orbi's address) to act as a gateway and DNS for the VPN client.

OpenVPN probably has a way to do this.  Notice the line in the config:

up dhcp-client-request.sh

I believe that you can substitute parameters in this file for the IP, subnet mask, gateway, DNS, etc.  I have looked (briefly) at the OpenVPN User Documentation, and felt like "Alice down the rabbit hole."  Holy Moly.  Bewildering.

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ 

While substituting a different DNS seems to pose little problem, I would be very cautious of messing with the subnet and gateway values.  Unless there is an existing computer connected to the Orbi with an IP address that matches, then the VPN connection will have "no way out".  I do not see how this can be possible.

Since you are on a Mac platform, maybe the folks at tunnelblick could offer advice?

I learn the docs from tunnelblick website and known the *.opvn file is supported by tunnelblick. so I guess the OpenVPN configuration file will be supported on Orbi and try to find some use cases on this forum. But no luck.

Why I plan to assign another gateway address and DNS address (They are the same address) to the VPN client? Because I want to audit and inspect the traffic which comes from outside and connect to my home. 

The network diagram like this

https://i.loli.net/2020/07/04/QXbKHGgIiLBy3TY.png

Thanks for the diagram.  I believe there is a misconception about how VPN tunnels function.  The client device and the host device are both connected to the internet.  The Client create a tunnel inside that connection, through the initernet to the Host.  There can be nothing between the two.  i.e. The magnifying glass device cannot exist.  The tunnel goes from the Client computer to the Orbi router, not to the computer on the right.  The Orbi creates a virtual device (inside the Orbi) which appears as a computer connected to the Orbi.

A rough sketch is attached.

It is a fascinating concept to want to inspect and filter what is "coming in" through the VPN connection.  Allowing a device onto the Orbi LAN through VPN is a lot like physically bringing a device in and connecting it.  Once a device is "on the LAN", then it has the same access as other devices.  This is probably a good reminder that we need to maintain firewalls and anti-virus software on our devices that are connected to the Orbi. 

Thanks for your explanation, I already know where my problem is. 

Thank you for your advice 🙂