I've a LinkSys router connected to my ISP, it is a standard router with factory firmware.
A TP841ND running OpenWrt is wired to it (LAN port on Lis inkSys, WAN port on TPLink).
The LinkSys manages the 192.168.1.0/24 subnet, it's own address 192.168.1.1 acts as both the gateway and dns server for the LAN.
The TP841ND manages the 192.168.2.0/24 subnet, on it's WAN side has a static address assigned 192.168.1.3 on the LAN side it's a gateway 192.168.2.1. Default gateway is 192.168.1.1.
With this configuration all clients on the TP841ND LAN can navigate between them, access any machine on the LinkSys LAN and navigate the Internet without probles.
The LinkSys WAN side can be accessed thru a hostname by means of a dynamic dns setup which means the IP address of its WAN port can be known at any moment. Let's say on a given moment is 184.108.40.206.
The LinkSys defines as it's DMZ the static IP Address of the TP841ND router; all traffic then is routed there.
With port forwarding the TP841ND bounces some ports to other machines in the LinkSys LAN or keeps for itself some traffic (i.e. SSH access or Web browser with LUCI).
So I can access designated machines in both LAN from anywhere.
Firewall is setup at the router TP841ND wide open, accepting traffic to/from both the WAN and LAN ports.
I've a mirror setup somewhere else, it can be accessed thru the external IP 220.127.116.11, their LinkSys LAN is identical (192.168.1.0/24) and their TP741ND LAN is 192.168.3.0/24
I want to access from the LAN on the the TP841ND the resources on the LAN of the other TP841ND thru an ipip tunnel.
Defined in LAN "A" (192.168.2.0/24)
iptunnel add tunl1 mode ipip remote 18.104.22.168 local 192.168.2.1
ifconfig tunl1 up
route add -net 192.168.3.0/24 dev tunl1
and in the LAN "B" (192.168.3.0/24)
iptunnel add tunl1 mode ipip remote 22.214.171.124 local 192.168.3.1
ifconfig tunl1 up
route add -net 192.168.2.0/24 dev tunl1
Using tcpdump I can see that if ping 192.168.3.1 is given in LAN "A" it's being routed thru tunl1 and ditto in the
opposite direction when ping 192.168.2.1 is made in LAN "B".
The configuration doesn't work.
Any idea on why?
Additional setups needed?
Is it expected to work a ipip tunnel protocol with NAT involved?
Other approach suggested?