
OpenVPNAS for site to site VPN

Posted: Fri Nov 02, 2012 5:08 pm
by mac
Greetings!

Looking to set up a site-to-site VPN using 1) an OpenVPNAS server and 2) one client. Quick questions:

1. Is it possible using just one server and one client?

2. The reference http://openvpn.net/index.php/access-ser ... -site.html ... maybe I'm reading it wrong ...

but with just one client and one server, I should be able to push routes of the LAN behind the server to the client, and the LAN behind the client to the server end...


Appreciate any clarifications

Thanks!

Re: OpenVPNAS for site to site VPN

Posted: Sat Nov 10, 2012 3:06 pm
by rsenio
Not sure I get your question. You are wondering about site to site, but only want one site. So you want to set up a regular VPN? Remote users connect and have access to your LAN, and LAN users have access to OpenVPN machines? Sounds like a regular setup.

Re: OpenVPNAS for site to site VPN

Posted: Mon Dec 03, 2012 5:01 pm
by novaflash
A bit late but I think I understand what mac wants.

Yes, it is possible to create a 2-way tunnel using an Access Server and one Linux client.
The tunnel itself will be initiated on the client machine, and terminated on the Access Server.
Traffic can pass in both directions over this tunnel.
Routes can be configured on the Access Server to allow traffic from networks behind the Access Server to reach the client and the networks behind the client.
Routes can be pushed to the client to allow traffic from networks behind the client to reach the network behind the Access Server.

The interesting thing is that the routing on both the Linux client and the Access Server can be managed from within the Access Server's admin UI itself.
In particular, you will want to use the VPN Gateway functionality found under user permissions in the Access Server's admin UI.
That means that as far as the Access Server and the Linux client are concerned, all the routing will then be okay.
Of course, any routing required on the networks behind the Access Server and behind the Linux client will still need to be done in these networks.
Also, the Linux client must have IP forwarding enabled, as must the Access Server - but the Access Server has this enabled by default while the Linux client might not.

There are 2 guides available, one for Layer 2 bridging, and one for Layer 3 routing - this last one appears to be the one you want:
Layer 3: http://docs.openvpn.net/how-to-tutorial ... ss-server/
Layer 2: http://docs.openvpn.net/how-to-tutorial ... ss-server/

Good luck.
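
The two client-side conditions described in the reply above (IP forwarding enabled on the Linux client, and a route to the network behind the Access Server going over the tunnel) can be checked with a short preflight script. This is an added example, not part of the original thread or of OpenVPN's own tooling; the subnets, the `tun0`/`eth0` interface names and the sample routing table are constructed assumptions.

```shell
#!/bin/sh
# Preflight check for a Linux client acting as a site-to-site gateway.
# Subnets and interface names below are illustrative assumptions.

# Return 0 if the given sysctl file (default: the live kernel setting) holds "1".
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# Return 0 if the route listing on stdin sends subnet $1 out via device $2.
# On the real machine, feed it the output of `ip -4 route show`.
route_via_dev() {
    awk -v net="$1" -v dev="$2" '
        $1 == net { for (i = 2; i < NF; i++) if ($i == "dev" && $(i+1) == dev) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Print one status line per check; return non-zero if any check fails.
# args: remote_subnet tun_dev [sysctl_file]; routing table is read from stdin.
check_gateway() {
    rc=0
    if forwarding_enabled "$3"; then
        echo "ok: IPv4 forwarding is on"
    else
        echo "FAIL: IPv4 forwarding is off (sysctl -w net.ipv4.ip_forward=1)"
        rc=1
    fi
    if route_via_dev "$1" "$2"; then
        echo "ok: $1 is routed via $2"
    else
        echo "FAIL: no route to $1 via $2"
        rc=1
    fi
    return $rc
}

# Constructed sample of `ip -4 route show` output on a connected client.
SAMPLE_ROUTES='default via 192.168.20.1 dev eth0
172.27.224.0/20 dev tun0 proto kernel scope link src 172.27.224.5
192.168.10.0/24 via 172.27.224.1 dev tun0
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.2'
```

On a live client, run `ip -4 route show | check_gateway 192.168.10.0/24 tun0` with the real remote subnet substituted. Because enabling forwarding makes the client route any traffic it receives, pair it with forward-chain firewall rules that only allow the LAN and tunnel subnets you intend to connect.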