Hi Bo,

You sure can!

You appear to have a road warrior configuration on your home device, where all other remote devices connect to. However, IMHO, the best way would probably be for you to set up what's called Site-to-Site connections, one such connection between your home device and each of the remote PI devices.

You'll need to have different lan addressing space among all networks. This is important; for example, set up a different /24 on each of those LANs.

After this is done, you'll need to set up ip forwarding on all devices acting as clients too.

After this, set up all remote DHCPs to instruct the lan devices to use each of its openvpn's network client to act as a gateway for the LANs involved on all these connections. If any of these clients is already the default gateway on its LAN, then this is not needed.

Then just set up firewalling on your home device and remote PI clients.

There are other options to accomplish this, but this would be the most standard and clean way to accomplish all your needs.

If this is done you'll end up with what's called a Hub-and-Spoke. You'll actually be able to reach all devices on all networks, from within any device on any network. You'll just limit all communications on the firewalls.

It's a nice project. Have fun!

Rui Santos
Veni, Vidi, Linux

On Sat, 5 Apr 2025, 09:43 Bo Berglund, <bo.bergl...@gmail.com> wrote:

> This is kind of a super-strange usage question for OpenVPN but I would like to
> know if it is possible and if so how do I configure it:
> -------------------------------------------------------
>
> I have a couple of devices (mostly Raspberry Pi units) deployed on a few
> locations outside my home LAN and these connect back home using OpenVPN clients
> on them.
>
> While they are connected I can SSH into their command line interface for
> maintenance and checking using their tunnel IP addresses. That is very
> convenient.
>
> But...
> Now I wonder if these clients can be set up such that when they are connected to
> my main network through their OpenVPN clients they also act as a gateway back
> into the LAN they are sitting on?
>
> That would open up a simpler way to manage the *other* devices on the same
> remote LAN than configuring each of them to connect back home using an
> individual OpenVPN connection that is already connected.
>
> They really do not need to connect back home for the functionality they are
> handling but only if I would like to reach them for config changes etc.
>
> As I *can* connect by SSH through the tunnel back to the device that is
> connected to my home LAN then I could also reach the remote LAN via that
> device.
>
> So for command line access to the other items that would be fine.
> However, some of them do not have a command line entry point (no SSH) but only a
> GUI http config interface and that cannot be used via SSH to the vpn client.
>
> So can it instead be configured such that I can use my config GUI app at home
> channelled via the client VPN connection back onto the remote LAN to reach these
> GUI style devices?
>
> If so how?
>
>
> --
> Bo Berglund
> Developer in Sweden
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
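An added sketch of the addressing and routing side of the site-to-site setup described in the reply above; it is not part of either message. The subnets, the client common names and the `ccd` directory name are assumptions. It checks that no two networks overlap and then emits the OpenVPN `route`, `push` and `iroute` lines for the hub and for each remote Pi.

```python
import ipaddress

# Constructed addressing plan (assumption): every name and subnet is illustrative.
HOME_LAN = "192.168.10.0/24"
TUNNEL_NET = "10.8.0.0/24"
REMOTE_SITES = {  # OpenVPN client common name -> LAN behind that Pi
    "pi-cabin": "192.168.20.0/24",
    "pi-office": "192.168.30.0/24",
}


def find_overlaps(named_nets):
    """Return (name, name) pairs whose networks overlap, in sorted order."""
    nets = {n: ipaddress.ip_network(c) for n, c in named_nets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def as_route(cidr):
    """Render a CIDR as the 'network netmask' form OpenVPN directives use."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"


def build_config(home_lan, tunnel_net, remote_sites):
    """Return (server directive lines, {common name: ccd file lines})."""
    plan = {"home": home_lan, "tunnel": tunnel_net, **remote_sites}
    clashes = find_overlaps(plan)
    if clashes:
        # Overlapping LANs make routing ambiguous; renumber before deploying.
        raise ValueError(f"overlapping networks: {clashes}")
    # Hub side: kernel routes to each remote LAN, home LAN pushed to clients.
    server = ["client-config-dir ccd", f'push "route {as_route(home_lan)}"']
    server += [f"route {as_route(c)}" for c in remote_sites.values()]
    # Per-client ccd file: tells OpenVPN which client owns which LAN.
    ccd = {cn: [f"iroute {as_route(c)}"] for cn, c in remote_sites.items()}
    return server, ccd


if __name__ == "__main__":
    server, ccd = build_config(HOME_LAN, TUNNEL_NET, REMOTE_SITES)
    print("# server.conf additions")
    print("\n".join(server))
    for cn, lines in ccd.items():
        print(f"# ccd/{cn}   (the Pi also needs net.ipv4.ip_forward=1)")
        print("\n".join(lines))
```

The forwarding sysctl, the gateway or static route on each remote LAN, and the firewall rules that limit what may cross the tunnel are configured separately on each device.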