Connect all VPN servers together

Business solution to host your own OpenVPN server with web management interface and bundled clients.
thelastrider
OpenVpn Newbie
Posts: 2
Joined: Sat Jan 07, 2023 8:16 am

Connect all VPN servers together

Post by thelastrider » Sat Jan 07, 2023 8:41 am

Hello, I have 3 VPS servers that are running separate OpenVPN Access Server instances from each other. I was trying to figure out how I can connect all 3 VPS servers together so that I can just use 1 OpenVPN Access Server account/connection across all 3 servers. This also means allowing the user to view all 3 VPS servers' sites as well. So for instance, each VPS server has its own site or purpose. For the VPS ending in .211, that is running Jenkins and specifically just only Jenkins. The VPS ending in .65, that's running an instance of Gitlab and an intranet site. The VPS ending in .68 is running a Bitbucket instance. Now the "main" OpenVPN Access Server I want to use would be the one ending in .65 which would have the Gitlab instance and the intranet site. The other 2 would be "allowed" sites across the network. I should also mention all 3 VPS servers run on port 10.8.0.1 which is strictly for intranet use. That means all 3 VPS servers are intranet servers.

Now my issue is that I've already tried putting all 3 in a cluster, but that doesn't seem to be working. I got all 3 machines connected to the "main" cluster which ends in .65, however when I use the configurations/.ovpn profile files for the VPS ending in .65, I can't access the Jenkins site nor the Bitbucket site. Just only the Gitlab instance and the intranet site. Conversely, if I had downloaded a previous .ovpn profile file from say the VPS ending in .211 and imported it to my OpenVPN client program and disconnected from the VPS ending in .65 and connected to the VPS ending in .211, I am then able to access JUST the Jenkins instance. When trying to access the Gitlab instance and intranet site using the .ovpn profile from the VPS ending in .211, I get the generic browser error saying the site might not exist even though I know it exists because it's my VPS. When I disconnect from the VPS ending in .211 and then try reconnecting to the VPS ending in .65, I am then able to access the Gitlab instance and the intranet site, but not the Jenkins instance and it throws me the generic browser error. This is true with the Bitbucket VPS as well going both ways to .65 and .211. Even with all 3 being in the same cluster, I can't access any of the other 2 when using 1 .ovpn profile file from the 3rd VPS.

All 3 OpenVPN Access Servers are configured to listen to all interfaces which would be their respective IP Address, 1 network address, and 10.8.0.1. So I don't think that's the issue since all 3 should be listening to 10.8.0.1 already if that's the issue. I've also tried changing 1 of the VPS servers to just listen to 10.8.0.1 and then I downloaded a new .ovpn profile from that configuration and imported it and still no dice. I still can't access that VPS server I set to 10.8.0.1 and running off the VPS ending in .65.

So my question is, is there a different way or a more precise guide or tutorial that shows you how to connect all your servers to 1 "main" OpenVPN Access Server? Was also thinking could it also be the first initial way how I set up the intranet servers? I basically followed this guide up until they finished setting up samba.

https://www.digitalocean.com/community/ ... untu-16-04

Then I used this guide to set up my first initial OpenVPN server.

https://www.cyberciti.biz/faq/ubuntu-20 ... 5-minutes/

Then lastly, I installed the OpenVPN Access Server using this link.

https://openvpn.net/vpn-software-packages/#modal-items

I did this with all 3 VPS servers. Is there a different way I should be configuring these 3 VPS servers so I can connect to them all using 1 connection?

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connect all VPN servers together

Post by openvpn_inc » Tue Jan 10, 2023 10:16 pm

Hello,

An OpenVPN Access Server cluster does not provide connectivity between the cluster nodes. Each node's network connectivity is its own. It's generally meant to be deployed in the same network, like for example in the same VPC on AWS or such. It allows sharing load and providing failover capability while accepting the same credentials and certificates from any of the nodes in the cluster.

There is of course nothing standing in the way of providing such interconnectivity yourself, should these networks be isolated. This is called site-to-site and should be relatively easy to implement.

The guide you linked to (first link) is for an open source OpenVPN server. That's not OpenVPN Access Server. So for support on open source solutions I'll have to refer you to the open source section of this forum.

The third link, that's OpenVPN Access Server. With that I would advise that you install Access Server in one location, and then set up 2 site-to-site connections for the other two VPS servers. Then a VPN client connected to this one Access Server can reach over these site-to-site connections to the other two VPS servers without requiring additional Access Servers or connecting to multiple servers with your client. This is the site-to-site use-case described here:
https://openvpn.net/vpn-server-resource ... in-detail/

One caveat though - the subnets used on the 3 VPS servers must be unique and not the same. Otherwise the routing system won't be able to figure out where to send the traffic. This is a limitation in routing. If you must keep the subnets the same, but you also want one VPN connection, there is the option to use OpenVPN Cloud. You can connect your VPS servers to that as Network Connectors, and then access them from a connected client by addressing them using a DNS system like 10-8-0-1.vpsdomain1, which would do the translations necessary to get your traffic to the right VPS server.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
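
The unique-subnet caveat in the reply above, shown as an added example (not part of the original posts and not OpenVPN Inc. code): a pre-flight check that flags overlapping site subnets and shows which sites tie for a destination under longest-prefix matching. The site names, the /24 masks and the 10.8.1.0/24 and 10.8.2.0/24 renumbering are assumptions for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plans: site name -> subnet behind that site's gateway.
# The /24 masks and the renumbered subnets are assumptions, not from the thread.
CLASHING_PLAN = {
    "gitlab-intranet": "10.8.0.0/24",
    "jenkins": "10.8.0.0/24",
    "bitbucket": "10.8.0.0/24",
}
UNIQUE_PLAN = {
    "gitlab-intranet": "10.8.0.0/24",
    "jenkins": "10.8.1.0/24",
    "bitbucket": "10.8.2.0/24",
}


def find_overlaps(plan):
    """Return the sorted (site_a, site_b) pairs whose subnets overlap."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def candidate_sites(plan, destination):
    """Return every site that ties for the most specific route to destination.

    A router picks the longest matching prefix; more than one site in the
    result means the destination cannot be routed unambiguously.
    """
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(cidr), site)
               for site, cidr in plan.items()
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted(site for net, site in matches if net.prefixlen == best)


if __name__ == "__main__":
    for label, plan in (("clashing", CLASHING_PLAN), ("unique", UNIQUE_PLAN)):
        print(label, "overlaps:", find_overlaps(plan))
        print(label, "10.8.0.1 ->", candidate_sites(plan, "10.8.0.1"))
```

Running the check before configuring site-to-site routes shows whether any site has to be renumbered first.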

thelastrider
OpenVpn Newbie
Posts: 2
Joined: Sat Jan 07, 2023 8:16 am

Re: Connect all VPN servers together

Post by thelastrider » Fri Jan 13, 2023 1:34 am

I think I might have found a solution. I can simply just use Docker and host what I need on my Docker instances. Then have an OpenVPN instance installed on the host machine allowing me to use that machine as the VPN and connecting to those Docker instances on that same machine. My only worry is resources since these VPS machines have very low specs, it may have some kind of performance issue due to everything running on just 1 machine. The site-to-site suggestion sounds promising so I'll test that out on my other 2 machines.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connect all VPN servers together

Post by openvpn_inc » Sun Jan 15, 2023 1:02 am

Hello thelastrider,

There are many ways to set things up. If this works for you, that's great. It's also perfectly possible to set up site-to-site and have one VPN server that gives access to multiple machines/VMs in various locations/networks.

Kind regards,
Johan