Solved

OpenVPN site to site VPN Tunnel

Posted on 2008-10-17
Last Modified: 2012-05-05
I am trying to use OpenVPN to create a site-to-site VPN tunnel. I can get the client > server config to work, but I need to pass traffic to different networks through the OpenVPN machines. Site A is set up as 192.168.1.0/24 and Site B as 10.10.10.0/24. I would like to have hosts from each network be able to contact each other. I am new to OpenVPN and having trouble figuring out which options are required in the config to make it work as stated above. Can anyone point me to some simple configs for a site-to-site VPN? The documentation I have read so far is not clear to me as to which options go into the server or client config files and exactly what they do...

Thanks for the help in advance....
Question by:justinl525
 
LVL 5

Expert Comment

by:gratex_ssd
ID: 22792280
 
LVL 1

Author Comment

by:justinl525
ID: 22795966
I will give it a look
 
LVL 2

Accepted Solution

by:
m_adamczyk earned 500 total points
ID: 22808461
What systems are running OpenVPN? Are you using 2 Linux routers or 2 servers/PCs? Also, what kind of contact do you want between the two networks?

http://openvpn.net/index.php/documentation/howto.html
is a thorough list of HOWTOs straight from OpenVPN.

Read this:
http://openvpn.net/index.php/documentation/howto.html#vpntype
to determine if you need a bridged or routed connection. Bridging gives you the advantage of passing WINS (MS Shares) information between the two networks.

I have set up both routed and bridged connections with OpenVPN and also found the learning curve high at first - but once set up, they're very stable.

As a rule of thumb, just remember that one of the OpenVPN devices must act as the server (listening for connections) and the other(s) must act as remote clients (initiating connections). Even in bridging mode, one waits and the other(s) initiates.
LVL 1

Author Comment

by:justinl525
ID: 22812764
I am trying to set up a routed VPN. I am using the Windows PCs to do this. I want to have hosts on one side be able to contact hosts on the other side... As of now I don't need to incorporate name resolution, as this is already being done and is working. I am having trouble establishing IP connectivity. I do understand that one end of the tunnel needs to be the server and the other the client... The server and client connect OK... and one side of the tunnel can ping the other side but not vice versa... I look at the routing tables on the 2 endpoint PCs and the routes to the remote network have gateways that are IPs that are not assigned to any device within the tunnel... I guess I am not seeing how the OpenVPN routing logic works, or I am confused about how it works compared to conventional routing... (client server stuff)
The documentation is confusing because I see many configurations that are supposed to be site to site, but they are hard to follow because of the documentation on the OpenVPN website... it's not detailed enough about how things are working and seems to be contradictory between sample configs... (I know there are probably many ways to configure stuff)

The learning curve is high at first because of the lack of background on how the app works... if you know how something works you will understand better how to give it what it needs to work...

You can't just throw rods and pistons into a metal block and expect to get much from that, but if you have a clearer understanding of the architecture and design then you will see where to bolt those rods and pistons to a crankshaft and have a nice running engine very quickly. (Sorry for the rough analogy, it's still early for me.)

I just want a simple VPN tunnel site to site where the tunnel endpoints route packets from one subnet to the other and vice versa... :-(
 
LVL 2

Expert Comment

by:m_adamczyk
ID: 22947499
For your testing scenario, you'll want to have the firewall temporarily disabled on both machines. For your routing tables... yuck, that's been my most difficult learning curve so far too.

Let me see if I can find some good info for you. Give me a few days to find something. What systems are you running OpenVPN on? Windows? Linux?
 
LVL 1

Author Comment

by:justinl525
ID: 22950196
Windows
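
A minimal routed site-to-site layout for the two subnets in the question, added here as an example; it is not from any poster in this thread or from the OpenVPN project. The tunnel subnet 10.8.0.0/24, the client certificate common name siteB, the file names and the SERVER_ADDRESS placeholder are assumptions.

```conf
# ---- server.ovpn (Site A endpoint, LAN 192.168.1.0/24) ----
port 1194
proto udp
dev tun
# Certificate and key file names are assumptions.
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Tunnel addressing (assumed subnet; must not overlap either LAN).
server 10.8.0.0 255.255.255.0
# Per-client settings are read from ccd/<client certificate common name>.
client-config-dir ccd
# Operating-system route on the server: send Site B traffic into the tunnel.
route 10.10.10.0 255.255.255.0
# Tell the connecting client how to reach Site A.
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun

# ---- ccd/siteB (on the server; file name = client certificate CN, assumed) ----
# OpenVPN's internal route: 10.10.10.0/24 sits behind this client.
# Without it the server process does not know which client owns that
# subnet, so traffic flows in one direction only.
iroute 10.10.10.0 255.255.255.0

# ---- client.ovpn (Site B endpoint, LAN 10.10.10.0/24) ----
client
dev tun
proto udp
# Placeholder: public address or name of the Site A endpoint.
remote SERVER_ADDRESS 1194
ca ca.crt
cert siteB.crt
key siteB.key
# Refuse to connect to a peer that does not present a server certificate.
remote-cert-tls server
persist-key
persist-tun
```

Both endpoint PCs also need IP forwarding enabled, and hosts on each LAN need a route to the other subnet through their local OpenVPN machine unless that machine is already their default gateway. Under the net30 topology each client is given its own /30, and the gateway shown in the routing table is the virtual far end of that /30, which is why it does not match any address assigned to a real device.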