Best config to reach a public DB

Post by mannybiker » Tue Mar 01, 2011 8:06 pm

Hello to everybody!
I'm new to OpenVPN and after studying a lot of docs I'm still unable to understand which will be the best solution for my needs.

This is my scenario:
I have one WS2008 with SQL DB on one site and some other machines with CentOS on another site. All the PCs have public IPs and are connected to the internet. This way they can communicate with each other. Now I would like to use OpenVPN in order to create a secure link between the SQL DB and the other machines that need to query the DB over the internet.
Let's summarize with this schema:

             SQLDB-publicIP:xxx.xxx.xxx.100
             OpenVPN_IP:192.168.10.1
                |                    |
                |                    |
Client 1                        Client 2
publicIP:xxx.xxx.xxx.200        publicIP:xxx.xxx.xxx.201
OpenVPN_IP:192.168.10.2         OpenVPN_IP:192.168.10.3

Which is the best way to create a VPN between these machines?
I thought I could install the OpenVPN server on the SQLDB, create a TUN with 192.168.10.0 255.255.255.0, then install the OpenVPN client on both Client 1 and 2.
I need the clients to have static IPs, so I think I'm obliged to generate a certificate in order to create a client-based push of the IP (may I do it without a CA, only using a secure key?)
In this way all 3 machines should talk to each other via 192.168.10.0, but what about the SQL service on SQLDB? Do I need to configure the service to listen on the private address, or should I forward in some way all the traffic from 192.168.10.1 to xxx.xxx.xxx.100? If yes, how?

So many questions... I know! Please be patient... :)

Post by janjust » Tue Mar 01, 2011 9:30 pm

I'd go for the OpenVPN server on the WS2008 box, using certificates, and then have both clients connect to it. The server would have IP 10.1, the clients 10.2 and 10.3; this can be achieved using client-config-dir files for both clients.
The advantage of using this over static keys is that with static keys you'd need to run 2 instances on the server, one for the first client and one for the second client.

As far as the SQL DB connection is concerned: in most cases the listener is configured to listen on 0.0.0.0, but otherwise I'd also make it listen on the VPN IP. The clients then connect to the VPN server IP.
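
An added example, not part of janjust's post: one way to write the certificate-based setup with client-config-dir files described above. The file names, the common names client1/client2, and the port and protocol are assumptions; `topology subnet` is used here so that each client can be given exactly 192.168.10.2 and 192.168.10.3.

```conf
# ---- server config on the WS2008 box (file name assumed: server.ovpn) ----
port 1194
proto udp
dev tun
# subnet topology: each client gets one address out of 192.168.10.0/24,
# so .2 and .3 can be assigned directly (the default net30 topology
# hands out /30 address pairs instead)
topology subnet
# the server itself takes 192.168.10.1
server 192.168.10.0 255.255.255.0

# certificate material (file names are assumed)
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# per-client files, looked up by the common name of the client certificate
client-config-dir ccd
# reject any client that has no file in ccd
ccd-exclusive

keepalive 10 120
persist-key
persist-tun

# ---- ccd/client1 (common name "client1" is assumed) ----
ifconfig-push 192.168.10.2 255.255.255.0

# ---- ccd/client2 (common name "client2" is assumed) ----
ifconfig-push 192.168.10.3 255.255.255.0

# ---- client config on each CentOS machine ----
client
dev tun
proto udp
# public IP of the server, as written in the question
remote xxx.xxx.xxx.100 1194
ca   ca.crt
# client2.crt / client2.key on the second machine
cert client1.crt
key  client1.key
# only accept a peer certificate that was issued as a server certificate
remote-cert-tls server
persist-key
persist-tun
```

The tunnel by itself does not close the public path to the database: while the SQL listener stays on 0.0.0.0 it still answers on xxx.xxx.xxx.100, so bind it to 192.168.10.1 or firewall the SQL port on the public interface.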

Post by mannybiker » Wed Mar 02, 2011 12:53 am

Thanks janjust for pointing me in the right direction. I'm learning about this great piece of software and your answers help me a lot to better understand how it works. I will try this way and I will be back if I need more support... hoping you won't hate me! :mrgreen:
