
:?: ACCESS ALL LAN

Posted: Fri Nov 16, 2018 3:37 pm
by Simon_NOËL
Hello,
Can you tell me if it's possible to have access to all the LANs of the OpenVPN server?
I can only access other machines if I add router manually from my VPN server.
Thank you!

Re: :?: ACCESS ALL LAN

Posted: Tue Nov 20, 2018 5:22 pm
by novaflash
Um. What? Can you provide some examples with some more details of how things are connected?

Re: :?: ACCESS ALL LAN

Posted: Wed Nov 21, 2018 8:49 am
by Simon_NOËL
Sorry, I will try to be clearer.
On this plan I can connect to PC 20.0.0.2 with remote desktop from the OpenVPN client (192.168.1.2 on the left).
How can I then communicate with the other network entities like PC 10.0.0.3 or PRINTER 20.0.0.4?
Image
Thank you !

Re: :?: ACCESS ALL LAN

Posted: Wed Nov 21, 2018 1:06 pm
by novaflash
If I understand you correctly, then you'll have to implement VPN client gateway, set up site-to-site routing.
https://openvpn.net/vpn-server-resource ... in-detail/

Re: :?: ACCESS ALL LAN

Posted: Wed Dec 26, 2018 8:30 am
by Simon_NOËL
Hi novaflash and thank you,
Yes, it's correct, I need to configure my Open Client and Server site-to-site, but I cannot find the right configuration for Client and Server ... :oops:

Server configuration:
# port number used
port NUM_PORT
# communication protocol
proto udp
# interface type
dev tun
# location of the master CA
ca ca.crt
# location of the server certificate
cert serveur.crt
# location of the server key
key serveur.key
# location of the Diffie-Hellman file
dh dh2048.pem
# address of the virtual network created by the VPN
# the VPN server address will be 192.168.0.1 here
server 192.168.123.0 255.255.255.0
# route used to communicate, here the 10.4. network
push "route 10.0.0.0 255.255.255.0"
;push "route 10.0.0.209 255.255.255.0"
#
keepalive 10 120
# data encryption type
cipher AES-128-CBC
# enable compression
comp-lzo
# maximum number of clients allowed
max-clients 10
# no particular user and group for running the VPN
user nobody
group nobody
# to make the connection persistent
persist-key
persist-tun
# log file
status openvpn-status.log
log openvpn.log
# verbosity level
verb 5

;client-config-dir C:/Users/Utilisateur/OpenVPN/ccd

# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address.
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
tun-mtu 1500
ifconfig 192.168.123.1 192.168.123.6



Client configuration:
# to indicate that this is a client!
client
# interface type
dev tun
# communication protocol
proto udp
# public IP address of the network where the server is installed + same port as the server
remote IP_SERVEUR
# retry connecting indefinitely
resolv-retry infinite
nobind
# to make the connection persistent
persist-key
persist-tun
# to hide the warnings
mute-replay-warnings
# location of the master CA
ca ca.crt
# location of the client certificate
cert client1.crt
# location of the client's private key
key client1.key
# data encryption type
cipher AES-128-CBC
# enable compression
comp-lzo
# verbosity level
verb 5

Re: :?: ACCESS ALL LAN

Posted: Wed Dec 26, 2018 8:34 am
by Simon_NOËL
Hi novaflash and thank you!
Yes, I think the site-to-site configuration is the solution, but I cannot find the right configuration.

This is my configuration for the server:

# port number used
port PORT
# communication protocol
proto udp
# interface type
dev tun
# location of the master CA
ca ca.crt
# location of the server certificate
cert serveur.crt
# location of the server key
key serveur.key
# location of the Diffie-Hellman file
dh dh2048.pem
# address of the virtual network created by the VPN
# the VPN server address will be 192.168.0.1 here
server 192.168.123.0 255.255.255.0
# route used to communicate, here the 10.4. network
push "route 10.0.0.0 255.255.255.0"
;push "route 10.0.0.209 255.255.255.0"
#
keepalive 10 120
# data encryption type
cipher AES-128-CBC
# enable compression
comp-lzo
# maximum number of clients allowed
max-clients 10
# no particular user and group for running the VPN
user nobody
group nobody
# to make the connection persistent
persist-key
persist-tun
# log file
status openvpn-status.log
log openvpn.log
# verbosity level
verb 5

;client-config-dir C:/Users/Utilisateur/OpenVPN/ccd

# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address. 
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
tun-mtu 1500
ifconfig 192.168.123.1 192.168.123.6

This is my configuration for client A:

# to indicate that this is a client!
client
# interface type
dev tun
# communication protocol
proto udp
# public IP address of the network where the server is installed + same port as the server
remote IP_PUBLIC PORT
# retry connecting indefinitely
resolv-retry infinite
nobind
# to make the connection persistent
persist-key
persist-tun
# to hide the warnings
mute-replay-warnings
# location of the master CA
ca ca.crt
# location of the client certificate
cert client1.crt
# location of the client's private key
key client1.key
# data encryption type
cipher AES-128-CBC
# enable compression
comp-lzo
# verbosity level
verb 5

Re: :?: ACCESS ALL LAN

Posted: Wed Dec 26, 2018 2:01 pm
by novaflash
Those configurations you're posting, they are for the OpenVPN open source project, not the commercial OpenVPN Access Server product. And you are currently on the OpenVPN Access Server board. I suggest you try one of the other boards on this forum site that does deal with the open source OpenVPN project.
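
Added example (not part of the thread and not OpenVPN project code): a small Python check of the routing directives in the open-source server config posted above. In open-source OpenVPN a LAN behind the server is reached through `push "route ..."`, while a LAN behind a client needs `client-config-dir`, a server-side `route` and an `iroute` in that client's ccd file. Assumptions: the diagram is missing, so the caller states which subnets sit on which side; `directives`, `nets` and `audit` are hypothetical helper names, and `SERVER_CONF` is an excerpt constructed from the posted config.

```python
import ipaddress
import re

# Constructed excerpt: routing-relevant lines of the server config posted above.
SERVER_CONF = '''
dev tun
server 192.168.123.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
;push "route 10.0.0.209 255.255.255.0"
;client-config-dir C:/Users/Utilisateur/OpenVPN/ccd
'''

def directives(text):
    """Yield active directives as token lists; '#' and ';' start comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield re.findall(r'"[^"]*"|\S+', line)

def nets(text, name, pushed=False):
    """Networks named by `name NET MASK`, or by `push "name NET MASK"` if pushed."""
    found = set()
    for tok in directives(text):
        if pushed and tok[0] == "push" and len(tok) > 1:
            tok = tok[1].strip('"').split()
        elif pushed:
            continue
        if len(tok) >= 3 and tok[0] == name:
            found.add(ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False))
    return found

def audit(server_conf, server_lans, client_lans, ccd_text=""):
    """Return the directives still missing for the topology the caller assumes."""
    issues = []
    pushed = nets(server_conf, "route", pushed=True)
    for lan in map(ipaddress.ip_network, server_lans):
        if not any(lan.subnet_of(p) for p in pushed):
            issues.append(f'push "route {lan.network_address} {lan.netmask}"')
    if client_lans:
        if not any(t[0] == "client-config-dir" for t in directives(server_conf)):
            issues.append("client-config-dir")
        routes, iroutes = nets(server_conf, "route"), nets(ccd_text, "iroute")
        for lan in map(ipaddress.ip_network, client_lans):
            if not any(lan.subnet_of(r) for r in routes):
                issues.append(f"route {lan.network_address} {lan.netmask}")
            if not any(lan.subnet_of(r) for r in iroutes):
                issues.append(f"iroute {lan.network_address} {lan.netmask}")
    return issues
```

Besides these directives, the machine acting as gateway needs IP forwarding enabled and the LAN hosts need a return route to the VPN subnet, which this check does not cover.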

Re: :?: ACCESS ALL LAN

Posted: Mon Dec 31, 2018 1:55 pm
by Simon_NOËL
I just made my request here : viewtopic.php?f=30&t=27650

Thank you !