Combining multiple networks via VPN
Posted: Tue Apr 28, 2015 10:18 pm
Okay, so I have been banging my head against the wall trying to get something to work to no avail. I am trying to connect my network and my friend's network via VPN gateways on both ends. This is so we can LAN game, share media, and share files stored on a NAS. Essentially, we are trying to set up a site-to-site VPN, so all of our networks work as one.
Our current setup is this:
The VPN Server is on my network, 172.16.0.0/16. It is, of course, set with a static IP. I break up the 172.16.0.0/16 network using the third octet to designate whether a host is a server, static client, DHCP client, or network equipment such as a router.
I set up both of my VPN clients with static IPs, one on 192.168.8.0/24, the other on 192.168.16.0/24. My friend and I can connect to the server successfully and play Age of Empires over LAN. So we know that works.
However, even though the server is set to allow access to the server-side subnet of 172.16.0.0/16, nothing can ping or be seen by my friend.
So, we want to be able to set up a gateway that all of our devices can route through to get to the VPN server. That way we have one device to manage on each network as we add more friends' networks to the mix.
I have it configured for split-tunnel, so internet-bound traffic routes out their local connection instead of through the tunnel and chewing up my bandwidth.
Now, the problem I have had is setting up a client on my network to act as a gateway. I can't seem to find a way to set up the gateway client to route packets. I was using CentOS 6 minimal install, packet forwarding enabled, iptables configured to forward ports as needed, and nothing worked until I turned iptables off. When I did, some of my internal subnets were visible, but not all of them, and I could not access the internet.
I would ideally like to be able to deploy the gateway on a Raspberry Pi, so the cost of adding a gateway is cheap. However, can a gateway client be done with only one physical interface?
Here is what I am trying to do:

Can anyone help me with the config? I am starting from scratch with CentOS Minimal Install, and I am using a server that has two interfaces, but I would like to try to do this with only one, as that is all that a Raspberry Pi has without adding a USB one.
As mentioned above, we are planning on adding more people to this VPN network after we have this working properly.
I know I am likely missing important information, so feel free to ask.
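
Added example, not part of the original post: routing that only works with iptables stopped is consistent with the stock CentOS 6 rule set, whose FORWARD chain ends in a blanket REJECT, so this sketch generates narrowly scoped FORWARD rules to place ahead of that REJECT in `/etc/sysconfig/iptables` instead of disabling the firewall. The interface names `eth0` and `tun0`, and the reading of 192.168.8.0/24 and 192.168.16.0/24 as the remote sites' LANs, are assumptions; the function name is hypothetical.

```shell
#!/bin/sh
# Emit FORWARD rules for a one-interface VPN gateway that routes between
# the local LAN and remote site LANs over the tunnel.
# All names below are assumptions, not values confirmed by the post.

LAN_IF="${LAN_IF:-eth0}"                  # assumed: the single physical NIC
TUN_IF="${TUN_IF:-tun0}"                  # assumed: the VPN tunnel interface
LOCAL_NET="${LOCAL_NET:-172.16.0.0/16}"   # server-side subnet from the post
REMOTE_NETS="${REMOTE_NETS:-192.168.8.0/24 192.168.16.0/24}"

gen_forward_rules() {
    # Refuse entries that would break the split-tunnel design or loop
    # local traffic into the tunnel.
    for net in $REMOTE_NETS; do
        case "$net" in
            0.0.0.0/0|"$LOCAL_NET")
                echo "refusing remote net: $net" >&2
                return 1 ;;
        esac
    done

    # Replies to flows that an earlier rule already allowed.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # One rule per direction per remote site; everything else still
    # falls through to the existing FORWARD REJECT.
    for net in $REMOTE_NETS; do
        echo "-A FORWARD -i $LAN_IF -o $TUN_IF -s $LOCAL_NET -d $net -j ACCEPT"
        echo "-A FORWARD -i $TUN_IF -o $LAN_IF -s $net -d $LOCAL_NET -j ACCEPT"
    done
}

# Print the lines to insert before the default
# "-A FORWARD -j REJECT --reject-with icmp-host-prohibited" line.
gen_forward_rules
```

With a single NIC, LAN hosts also need a route to each remote subnet pointing at the gateway's LAN address, and `net.ipv4.ip_forward` must stay set to 1.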