Hello to everybody!
I'm new to OpenVPN and after studying a lot of docs I'm still unable to understand which will be the best solution for my needs.
This is my scenario:
I have one WS2008 with a SQL DB at one site and some other machines with CentOS at another site. All the PCs have public IPs and are connected to the internet. This way they can communicate with each other. Now I would like to use OpenVPN in order to create a secure link between the SQL DB and the other machines that need to query the DB over the internet.
Let's summarize with this schema:
                   SQLDB-publicIP:xxx.xxx.xxx.100
                   OpenVPN_IP:192.168.10.1
                      |                  |
                      |                  |
                  Client 1            Client 2
    publicIP:xxx.xxx.xxx.200          publicIP:xxx.xxx.xxx.201
    OpenVPN_IP:192.168.10.2           OpenVPN_IP:192.168.10.3
Which is the best way to create a VPN between these machines?
I thought I could install the OpenVPN server on the SQLDB, create a TUN with 192.168.10.0 255.255.255.0, then install the OpenVPN client on both Client 1 and 2.
I need the clients to have static IPs, so I think I'm obliged to generate a certificate in order to create a client-based push of the IP (may I do it without a CA, only using a secure key?).
In this way all 3 machines should talk to each other via 192.168.10.0, but what about the SQL service on SQLDB? Do I need to configure the service to listen on the private address, or should I forward in some way all the traffic from 192.168.10.1 to xxx.xxx.xxx.100? If yes, how?
So many questions... I know! Please be patient...
Best config to reach a public DB
- janjust
Re: Best config to reach a public DB
I'd go for the OpenVPN server on the WS2008 box, using certificates, and then have both clients connect to it. The server would have IP 10.1, the clients 10.2 and 10.3; this can be achieved using client-config-dir files for both clients.
The advantage of using this over static keys is that with static keys you'd need to run 2 instances on the server, one for the first client and one for the second client.
As far as the SQLdb connection is concerned: in most cases the listener is configured to listen on 0.0.0.0, but otherwise I'd also make it listen on the VPN IP. The clients then connect to the VPN server IP.
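The certificate-based setup with client-config-dir files described in the reply above, sketched as an added example (not posted by either participant in this thread). The certificate common names client1 and client2, all file names, and UDP port 1194 are assumptions; the addresses are the ones from the question.

```conf
# ---- server.conf on the WS2008 box (file names below are assumptions) ----
port 1194
proto udp
dev tun
topology subnet                     # one address per client, no /30 pairs
server 192.168.10.0 255.255.255.0   # server itself takes 192.168.10.1
ca ca.crt
cert server.crt
key server.key                      # private key, never leaves this host
dh dh.pem
client-config-dir ccd               # per-client files, named after the cert CN
ccd-exclusive                       # reject any client without a ccd file, so
                                    # no dynamic lease can collide with .2/.3
keepalive 10 120
persist-key
persist-tun

# ---- ccd/client1 (file name = CN of Client 1's certificate, assumed) ----
ifconfig-push 192.168.10.2 255.255.255.0

# ---- ccd/client2 (file name = CN of Client 2's certificate, assumed) ----
ifconfig-push 192.168.10.3 255.255.255.0

# ---- client.conf on each CentOS machine (file names are assumptions) ----
client
dev tun
proto udp
remote xxx.xxx.xxx.100 1194         # public IP of the WS2008 box
ca ca.crt
cert client1.crt                    # client2.crt on the second machine
key client1.key                     # client2.key on the second machine
remote-cert-tls server              # only accept a peer holding a server
                                    # certificate (serverAuth extended key usage)
persist-key
persist-tun
```

With the tunnel up, the database clients use 192.168.10.1 as the SQL host instead of xxx.xxx.xxx.100.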
Re: Best config to reach a public DB
Thanks janjust for pointing me in the right direction. I'm learning about this great piece of software and your answers help me a lot to better understand how it works. I will try this way and I will be back if I need more support... hoping you won't hate me!