Hi @MarkAGregory 

Thanks for posting in our business forum.

MarkAGregory wrote

  @Clive_A thank you for the ideas, I've moved through the possible approaches that appear to be doable with this device. What I need to do might be possible, but it would require specific guidance from someone that has done it before. As we know we can setup openvpn servers on single nic devices, e.g., NAS boxes do it, and it can be done on desktop computers.

 

I'm hoping that someone from tp-link will respond with the guidance that I need to move forward.

I am from the TP-Link but what you described is not clear enough. I don't know where you learned that is possible to do that. But to simplify what you asked, that's port forwarding. DMZ is a different way to work around port forwarding. Port forwarding twice if necessary in your setup. A generic port forward guide would answer your request for guidance.

The problem is if you have double NAT, you should remove and avoid the NAT. Anything that happened to the double-NAT may not be resolved by us because it is not the recommended way to use it.

Hi @MarkAGregory 

Thanks for posting in our business forum.

MarkAGregory wrote

  @Clive_A I'm not certain that what I've put is not clear. But to be clear let me state again.

 

Option 1. WAN port on ER707-M2 is connected to the local LAN. Upstream firewall port forwards to the ER707-M2 WAN port. OpenVPN is configured to listen on the WAN port and when a client connects the client is given access to the WAN port(s) -> meaning the LAN of my network.

 

Option 2. LAN port on ER707-M2 is connected to the local LAN. Upstream firewall port forwards to the ER707-M2 LAN port. OpenVPN is configured to listen on the LAN port and when a client connects the client is given access to the LAN port(s) -> meaning the LAN of my network.

 

As mentioned, many other devices are capable of this configuration. NAS boxes, single NIC computers, pFsense, etc.

 

My question is whether the ER707-M2 can be configured to do what I need.

 

Everything is possible, the question is whether the configuration / OS has the flexibility or has it been setup to only do WAN / LAN translations for all services.

Are you sure others can do this? Any docs on this? Keeps saying this is doable where I see no way to do it. If you ask me about this, I say no, not doable with any Omada. Nor do we have a guide on this.

Option 1 is just a generic port that forwards the local service to the first NAT. Every router supports NAT - port forward.

Hi @MarkAGregory 

Thanks for posting in our business forum.

MarkAGregory wrote

  @Clive_A thank you for the clarification that the device will not do what I need, which is to be an openVPN server on a LAN. I bought the device thinking it might do what I need, but that is ok, it can be used to provide a simple NAT.

 

I'm not going to spend time providing documents on how pFsense, QNAP NAS, LINKSYS NAS, and many many other devices can be configured to be an openVPN server on a single NIC device. Google is your friend.

I am aware that they are LINXU based and installing the simple app to enable them with the OVPN or WG.

I am not interested in digging into their web or docs on this. From what I understand and your understanding, we don't share common ground/knowledge on this.

Connecting the WAN to the first NAT LAN, that makes sense by doing port forwarding. However, by connecting the second NAT LAN to the first NAT LAN, you would not get too much support or approval from the networking community. I don't deny that making some iptable/routing would enable that, but mostly it is not how it works. You don't have to listen to my suggestions if you have your view on this. But like I said, we don't have guides or similar cases which in this case it seems that the router does not meet your expectations. You can return it before the return window closes. Or wait for someone else from the community to share a solution if they have done something similar.

Reddit is also a good place where you have many more active and knowledgeable members to discuss this. If you want to listen to more suggestions or comments.