I have a Synology RT2600AC router running VPN Plus Server with the S2S (site-to-site) option. That option uses IPsec, which would not connect my networks at Layer 2. In addition, the Synology VPN Plus S2S service is not free (even though it uses the libreswan package). I have DLNA/UPnP servers on my network that should be visible automatically on all LANs, even remote ones. For broadcast packets to reach all networks, they have to be on the same local LAN subnet, shared among all LANs connected via the VPN. That is achievable with OpenVPN, which is available for free on Synology VPN Plus Server. For the other two routers I picked the TP-Link TL-WR1043ND v4. I replaced their original firmware with LEDE-Project firmware so I could fine-tune my configurations.
OpenVPN server configuration on RT2600AC
drwxr-xr-x 3 root system 4096 Oct 7 07:35 .
drwxr-xr-x 11 root system 4096 Nov 6 12:59 ..
drwxr-xr-x 2 root system 4096 Nov 1 16:24 keys
-rw-r--r-- 1 root system 949 Oct 8 21:25 openvpn.conf
-rwxr-xr-x 1 root root 48 Oct 6 15:33 openvpn.up

dev tap
syno_vpnplus_sync
management 127.0.0.1 1195
server 10.51.8.0 255.255.255.0
max-clients 20
cipher AES-256-CBC
auth SHA512
dh /var/packages/VPNPlusServer/target/etc/openvpn/keys/dh3072.pem
ca /var/packages/VPNPlusServer/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNPlusServer/target/etc/openvpn/keys/server.crt
key /var/packages/VPNPlusServer/target/etc/openvpn/keys/server.key
#this is shared key, must be uploaded to clients
tls-auth /var/packages/VPNPlusServer/target/etc/openvpn/keys/ta.key 0
persist-tun
persist-key
verb 3
script-security 2
up /var/packages/VPNPlusServer/etc/openvpn/openvpn.up
#log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNPlusServer/target/lib/radiusplugin.so /var/packages/VPNPlusServer/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn
proto udp
port 1194
status /tmp/ovpn_status_2_result 5
status-version 2
client-to-client
push "route 10.51.8.0 255.255.255.0"

#!/bin/sh
/usr/syno/sbin/brctl addif lbr0 tap0
/usr/syno/sbin/brctl stp lbr0 on
/usr/syno/sbin/brctl setmaxage lbr0 40
OpenVPN client configuration on TL-WR1043ND
client
dev tap
tls-client
remote xxxxx.xxx 1194
pull
proto udp
script-security 2
reneg-sec 0
auth SHA512
cipher AES-256-CBC
auth-user-pass /etc/openvpn/xxxxx-xxx.secret
key-direction 1
ca /etc/openvpn/xxxxx-xxx.ca
tls-auth /etc/openvpn/xxxxx-xxx.key
explicit-exit-notify
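
A review pass over the server directives above, as an added example that is not part of the original post or of Synology's tooling: it flags the settings that decide who can authenticate and what the tunnel endpoints can reach. The notes describe stock OpenVPN behaviour, and the names `parse`, `audit`, `FLAGS` and `SERVER_CONF` are this example's own.

```python
# Added example: a review pass over OpenVPN directives (not the author's or Synology's code).
# Notes describe stock OpenVPN behaviour; names below are chosen for this example.
FLAGS = {
    "client-cert-not-required": "no client certificate is checked; access rests on username/password alone",
    "duplicate-cn": "the same identity may be connected several times at once",
    "client-to-client": "traffic between clients is forwarded inside OpenVPN and never reaches the host firewall",
}

def parse(text):
    """Yield (directive, args) for each config line, skipping blanks and #/; comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            yield name, args

def audit(text):
    """Return [(directive, note)] for settings that deserve a second look."""
    findings = []
    for name, args in parse(text):
        if name in FLAGS:
            findings.append((name, FLAGS[name]))
        elif name == "reneg-sec" and args == ["0"]:
            findings.append((name, "time-based key renegotiation is disabled"))
        elif name == "script-security" and args and args[0].isdigit() and int(args[0]) >= 2:
            findings.append((name, "external scripts may run; keep the up script root-owned and unwritable by others"))
        elif name == "management" and args[1:2] != ["unix"] and len(args) < 3:
            findings.append((name, "TCP management interface has no password file; any local process can connect"))
    return findings

# Excerpt of the server configuration shown on this page, one directive per line.
SERVER_CONF = """\
dev tap
management 127.0.0.1 1195
server 10.51.8.0 255.255.255.0
#this is shared key, must be uploaded to clients
tls-auth /var/packages/VPNPlusServer/target/etc/openvpn/keys/ta.key 0
script-security 2
reneg-sec 0
client-cert-not-required
username-as-common-name
duplicate-cn
client-to-client
"""

if __name__ == "__main__":
    for directive, note in audit(SERVER_CONF):
        print(f"{directive:26} {note}")
```

Several of the flagged settings are required by this design (the `up` script needs `script-security 2`, and the RADIUS plugin replaces client certificates), so the output is a list of things to protect by other means, such as strong passwords and file permissions, rather than lines to delete.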