DJMohr
asked on
OpenVPN to branch offices
I'm hoping someone can assist or point me in the right direction.
Here's the scenario:
Our company has 4 offices, one of which is of course HQ; each of the 3 branches has an Untangle FW installed and configured; our HQ has 2 Untangle FWs, one of which is used purely for web traffic and the second for VPN and mail, which is connected on a diginet line; the other is on ADSL.
Current configuration for all sites is that all Untangle FWs are configured as OpenVPN servers, allowing any one of my users access from anywhere.
What I would like to achieve is to set up a site-to-site VPN for all my branches. Ideally HQ would be configured as the OpenVPN server and my 3 branches as clients. With this being said, I would like all my users in all my branches to be able to access data from any of the 4 file servers.
So, like this:
A --> B B --> A
A --> C C --> A
A --> D D --> A
B --> C C --> B
and so on and so on.
So, can anyone help?
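As an added example (not from this thread and not Untangle's own configuration; Untangle wraps OpenVPN, so this is what its site-to-site setup has to express underneath), here is the plain-OpenVPN shape of the hub-and-spoke layout being asked for: HQ as the only server, each branch as a client, a kernel `route` on the hub for every branch LAN, a matching `iroute` in that client's ccd file so OpenVPN knows which session owns the LAN, and the other branches' LANs pushed to each client so that B reaches C and D through the hub. The client CNs, the tunnel pool 172.16.16.0/24 and the certificate file names are assumptions. `validate` checks the two invariants that most often break this: every `iroute` needs a `route`, and a client must never be pushed a route for its own LAN.

```python
"""Hub-and-spoke OpenVPN site-to-site: generate server.conf and per-client ccd
entries so every branch LAN is reachable from HQ and from every other branch,
with the HQ box as the only OpenVPN server. Added example, not from the thread."""
import ipaddress
import re

# Constructed site table: subnets as listed on the page, client names assumed.
HUB_LAN = "192.168.0.0/24"
BRANCHES = {                       # OpenVPN client CN -> branch LAN
    "branchB": "192.168.1.0/24",
    "branchC": "192.168.2.0/24",
    "branchD": "192.168.3.0/24",
}
VPN_POOL = "172.16.16.0/24"        # assumed tunnel address pool


def _net(cidr):
    """'192.168.1.0/24' -> '192.168.1.0 255.255.255.0' (OpenVPN's route syntax)."""
    n = ipaddress.ip_network(cidr, strict=True)
    return f"{n.network_address} {n.netmask}"


def server_conf(hub_lan=HUB_LAN, branches=BRANCHES, pool=VPN_POOL):
    """server.conf for the hub. 'route' installs a kernel route for each branch
    LAN into the tun device; the matching 'iroute' in that branch's ccd file
    tells OpenVPN which client session owns the LAN. Both are required."""
    p = ipaddress.ip_network(pool)
    lines = [
        "port 1194", "proto udp", "dev tun", "topology subnet",
        f"server {p.network_address} {p.netmask}",
        "ca ca.crt", "cert hq.crt", "key hq.key", "dh dh.pem",  # assumed file names
        "tls-auth ta.key 0",        # HMAC gate on the control channel
        "remote-cert-tls client",   # refuse a client presenting a server cert
        "client-config-dir ccd",
        "ccd-exclusive",            # a cert with no ccd entry gets no session
        "client-to-client",         # branch<->branch traffic forwarded in-process
        "keepalive 10 60", "persist-key", "persist-tun",
        f'push "route {_net(hub_lan)}"',   # every branch learns the HQ LAN
    ]
    for lan in branches.values():
        lines.append(f"route {_net(lan)}")
    return "\n".join(lines) + "\n"


def ccd_entries(branches=BRANCHES):
    """One file per client CN: iroute for its own LAN, plus pushed routes for the
    other branches (never its own, which would send local traffic into the tunnel)."""
    out = {}
    for cn, lan in branches.items():
        body = [f"iroute {_net(lan)}"]
        for other_cn, other_lan in branches.items():
            if other_cn != cn:
                body.append(f'push "route {_net(other_lan)}"')
        out[cn] = "\n".join(body) + "\n"
    return out


def validate(conf, ccd):
    """Cross-check generated config. Returns a list of problems (empty means OK)."""
    problems = []
    routes = set(re.findall(r"^route (\S+ \S+)$", conf, re.M))
    for cn, body in ccd.items():
        iroutes = re.findall(r"^iroute (\S+ \S+)$", body, re.M)
        if len(iroutes) != 1:
            problems.append(f"{cn}: expected exactly one iroute")
        for ir in iroutes:
            if ir not in routes:
                problems.append(f"{cn}: iroute {ir} has no matching 'route' in server.conf")
            if f'push "route {ir}"' in body:
                problems.append(f"{cn}: pushes a route for its own LAN")
    return problems


if __name__ == "__main__":
    conf, ccd = server_conf(), ccd_entries()
    assert not validate(conf, ccd)
    print(conf)
    for cn, body in ccd.items():
        print(f"--- ccd/{cn}\n{body}")
```

Each branch's client config then needs only `client`, `remote <hub public address> 1194`, its own cert and key, and the `tls-auth ta.key 1` half; the branch box must also have IP forwarding on and its firewall allowing traffic between the tun device and the LAN, otherwise the routes exist but nothing crosses them.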
ASKER CERTIFIED SOLUTION
SOLUTION
ASKER
Site A has 2 UT boxes, one 192.168.0.1 and the other 192.168.0.254; .254 is used for web traffic and is the DG on all the workstations, whereas .1 is the DG on my file server. Site B's UT box is 192.168.1.1 and is the DG of all workstations and the server; from site B I can ping site A's UT box and file server but can't browse the network (shares).
I'll double check IP config on B's UT box.
SOLUTION
ASKER
Morning
OK, ifconfig -a result from site B's UT box:
eth0 Link encap:Ethernet HWaddr 00:21:85:5a:03:50
inet addr:192.168.99.2 Bcast:192.168.99.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19777308 errors:0 dropped:1727400567 overruns:0 frame:0
TX packets:14336908 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2300380550 (2.1 GiB) TX bytes:1460336556 (1.3 GiB)
Interrupt:221 Base address:0x4000
eth1 Link encap:Ethernet HWaddr 00:a0:cc:39:0e:de
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2323615 errors:1 dropped:0 overruns:0 frame:0
TX packets:3037966 errors:1 dropped:0 overruns:1 carrier:0
collisions:0 txqueuelen:1000
RX bytes:562229479 (536.1 MiB) TX bytes:2643601931 (2.4 GiB)
Interrupt:16 Base address:0xe800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5541124 errors:0 dropped:0 overruns:0 frame:0
TX packets:5541124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1092787090 (1.0 GiB) TX bytes:1092787090 (1.0 GiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.16.45 P-t-P:172.16.16.46 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:116 errors:0 dropped:0 overruns:0 frame:0
TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:16614 (16.2 KiB) TX bytes:15964 (15.5 KiB)
utun Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.0.2.43 P-t-P:192.0.2.43 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1046 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:50284 (49.1 KiB) TX bytes:0 (0.0 B)
Site B's file server ipconfig /all results:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E GBE NIC
Physical Address. . . . . . . . . : 00-1C-C0-AE-48-02
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
I also tried connecting to the share instead of browsing from site B, but no luck. From site A I can browse site B's file server without issue.
ASKER
Also, just wondering about this: is it better to have your firewalls create the PPPoE connection to the internet, or have the ADSL router do it?
SOLUTION
ASKER
I have managed to sort this out. Site-to-site is up and running, my users can access data on remote servers, and my road warriors are able to VPN in and access data from any branch.
ASKER
All the branches are running Untangle. Networking for the branches is as you mentioned:
A: 192.168.0.0/24 (HQ?)
B: 192.168.1.0/24
C: 192.168.2.0/24
D: 192.168.3.0/24
I have managed to connect B to A and am able to access data on B from A (but only from the file server); however, I am unable to access data from B to A. Should routing be configured on the UT boxes or on my file servers?
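The two-gateway layout described for site A (the OpenVPN box 192.168.0.1 as the file server's gateway, the web-only box 192.168.0.254 as the workstations' gateway) can be checked as a routing-table problem. This is an added example, not from the thread; the site A host addresses 192.168.0.10 and 192.168.0.50 and the interface names are assumptions, and the route tables are a model of what the page describes, not a capture from the boxes. It traces where a site A host's reply to a branch address goes: a host whose default gateway is the OpenVPN box answers through tun0, while a host whose default gateway is the web-only box hands its reply to the ADSL default route unless that box (or the host itself) carries a static route for the branch subnets pointing at 192.168.0.1. The check works for any branch subnet, not just B's.

```python
"""Return-path check for a hub LAN with two gateways. Added example modelling
the site A layout described in the thread; addresses of the site A hosts and
the interface names are assumed, the route tables are constructed."""
import copy
import ipaddress

IP = ipaddress.ip_address
NET = ipaddress.ip_network
LAN_A = NET("192.168.0.0/24")

# Constructed router tables. A value is either an egress interface name or the
# address of a next-hop router on the same LAN.
ROUTERS = {
    "0.1-vpn": {"addr": IP("192.168.0.1"),
                "routes": {NET("192.168.1.0/24"): "tun0",
                           NET("192.168.2.0/24"): "tun0",
                           NET("192.168.3.0/24"): "tun0",
                           LAN_A: "eth1",
                           NET("0.0.0.0/0"): "diginet"}},
    "0.254-web": {"addr": IP("192.168.0.254"),
                  "routes": {LAN_A: "eth1",
                             NET("0.0.0.0/0"): "adsl"}},
}
# Constructed site A hosts; only the gateway assignment comes from the page.
HOSTS = {
    "fileserver":  {"addr": IP("192.168.0.10"), "gw": IP("192.168.0.1")},
    "workstation": {"addr": IP("192.168.0.50"), "gw": IP("192.168.0.254")},
}


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it."""
    best = max((n for n in routes if dst in n), key=lambda n: n.prefixlen)
    return routes[best]


def _router_at(routers, addr):
    return next(r for r in routers.values() if r["addr"] == addr)


def reply_path(host, dst, routers=ROUTERS, lan=LAN_A):
    """Trace a site A host's reply toward dst. Returns the hop list if the
    packet ends up on tun0 (the site-to-site tunnel), None if it leaks to an
    internet uplink instead and the branch never sees the answer."""
    if dst in lan:
        return ["direct"]                       # same LAN, no gateway involved
    gw = _router_at(routers, host["gw"])
    hops = [str(gw["addr"])]
    out = lookup(gw["routes"], dst)
    if isinstance(out, ipaddress.IPv4Address):  # next hop is another LAN router
        nxt = _router_at(routers, out)
        hops.append(str(nxt["addr"]))
        out = lookup(nxt["routes"], dst)
    hops.append(out)
    return hops if out == "tun0" else None


def with_static_route(routers, name, cidr, next_hop):
    """Copy of the router tables with one static route added (the fix for the
    web-only box: send the branch subnets to the OpenVPN box)."""
    fixed = copy.deepcopy(routers)
    fixed[name]["routes"][NET(cidr)] = IP(next_hop)
    return fixed


if __name__ == "__main__":
    branch_host = IP("192.168.1.10")          # site B's file server, from the page
    for name, host in HOSTS.items():
        print(f"{name:12s} -> {branch_host}: {reply_path(host, branch_host)}")
    fixed = with_static_route(ROUTERS, "0.254-web", "192.168.1.0/24", "192.168.0.1")
    print("workstation after static route on .254:",
          reply_path(HOSTS["workstation"], branch_host, routers=fixed))
```

The table the example fixes is the router's, not the file server's: one static route per branch subnet on the .254 box (via 192.168.0.1) covers every workstation behind it, whereas per-host routes have to be repeated on each machine and silently break when a host is rebuilt. ICMP echo succeeding while an SMB session does not is consistent with this kind of one-way path only for hosts behind the wrong gateway; the example does not say which hosts those were in the thread, only how to find out.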