Site to Site on unknown remote network

Post by fox_pluto » Sat May 08, 2021 7:53 am

Dear Forum,

I am new to OpenVPN, so I apologise if I am saying something wrong.

I am trying to configure a VPN infrastructure to interconnect my company headquarters to several remote sites.
I have installed an OpenVPN server and I am able to connect to the server, for testing purposes, with a laptop.

My final goal is to interconnect a remote site and to reach a couple of machines in the remote site; unfortunately the device I am using at the remote site, actually a Raspberry Pi, has only one network interface.

So basically my network is:

Local PCs <---Company LAN---> Server <--internet--> Raspberry (client) <--remote LAN with Internet--> remote device

I would like to ssh from a local PC to the remote device and control it.
For the OpenVPN network I am using the default 10.8.0.0/24 network, so the Server is 10.8.0.1 and the Raspberry is 10.8.0.6 and I can ping the Raspberry from the server.

My requirements are:
* I want to connect from Local PCs to remote device via ssh
* I want the remote device to be able to connect to Local PCs via ssh
* I want the remote device to be able to connect to the Internet without using the OpenVPN tunnel, using the Remote LAN Internet connection instead

My questions are:
* Do I have to assign a fixed IP like 10.8.0.9 to the remote device?
* On the remote device, do I have to set the Raspberry client as the default gateway and configure the Raspberry client to split tunnel?

In general I am a bit confused about the IP and network requirements for the remote device.

Thanks for your help,
Stefano

Post by tedm » Sun May 16, 2021 6:04 pm

Hi Stefano,

This isn't a good choice. I am assuming you have the Raspberry Pis lying around and collecting dust, which is why you want to use them. It's not that it can't be done - it can. It is just that it's not going to be reliable enough for a company infrastructure setup for many reasons, and support is going to stink.

What you want to do is what the OpenWRT and dd-wrt and Tomato router projects were created for. You can buy used routers like the Netgear WNDR4000 off Fleabay for under $15 or the Netgear AC1450 for under $25 that are going to have more throughput, plus they already have the Ethernet interfaces and they are easy peasy to flash one of these projects on. The forums for these projects are very busy with a lot of help available.

The AC1450 was widely handed out for free by ISPs and the used market is flooded with them. With a CPU clocking at 800 MHz and 256 MB of RAM and 128 MB flash, it will handle router builds for many future years. With SFE enabled you can easily get 500 Mbit/s throughput on the device, and I very much doubt you have that high speed of an Internet connection at the remotes.

Save the Raspberry Pis for running NASes on and other suchlike.
