Getting closer. It now works from ERX Office to Tomato router, but not the other way around.
To get it to work in this one direction, I had to put two things in place on ERX Office:
set protocols static interface-route 192.168.10.0/24 next-hop-interface vtun0
set interfaces openvpn vtun0 server client dave subnet 192.168.10.0/24
The full config is now:
david@Meadows-Router# show interfaces openvpn vtun0
 encryption aes256
 hash sha256
 mode server
 openvpn-option "--comp-lzo adaptive"
 server {
     client dave {
         subnet 192.168.4.0/24
         subnet 192.168.10.0/24
     }
     client parents {
         subnet 192.168.1.0/24
     }
     push-route 192.168.3.0/24
     subnet 10.9.0.0/24
 }
 tls {
     ca-cert-file /config/auth/openvpn/server1/ca.crt
     cert-file /config/auth/openvpn/server1/MeadowsRouter.crt
     dh-file /config/auth/openvpn/server1/dh.pem
     key-file /config/auth/openvpn/server1/MeadowsRouter.key
 }
So that works. Yay! Now for the other direction. When I log in to Tomato Router (whose IP is 192.168.10.1) and ping Office ERX (IP 192.168.3.1), I can run tcpdump on Home ERX and see the packets coming in on vtun0 and going out on vtun1. But tcpdump on Office ERX doesn't show anything coming in on its vtun0. Any ideas? Anyone?