This works assumes you have a topology like : computerA (192.168.0.10/24) <--> router <--WAN--> router <--> {ESP-VPN (172.16.0.50/24) + computerB (172.16.0.100/24)} And supposes you want to connect from computerA to computerB without any modification to any router nor computerB. ComputerB will have its own gw, etc.
You need to run mqtt_vpn and set a route to 172.16.0.0/24 through the VPN tunnel :
in one terminal :
sudo ./mqtt_vpn -i mq0 -a 10.0.1.1 -b tcp:https://my_broker.org:1883 -k secret -d
and in another :
sudo ip route add 172.16.0.0/24 via 10.0.1.2
You have to set the mqtt_vpn_target_addr
according to the address of computerB
when ESP-VPN is up, you just need to send packets to computerB, profits !
In the following [IP1|IP2] refers to a packet with IP1 as source address and IP2 as destination address.
- computerA sends a packet [10.0.1.1|172.16.0.100] through the tunnel by publishing a message on the broket in the topic .../172.16.0.100
- ESP-VPN can read this message (it subscribes to it) and since it is not the destination will use the NAT to follow up in the wifi LAN
- a packet [172.16.0.50|172.16.0.100] is inside the LAN wifi due to NAT
- computerB can replies directly to ESP-VPN (packet reply : [172.16.0.100|172.16.0.50])
- ESP-VPN looks in its NAT table and forward it back in the VPN tunnel (message [172.16.0.100|10.0.1.1])