Multiple Sites Routing with Site to Site and Road Warrior
-
I really don't buy this… So you're saying your ISP changes the IPs on those how often? I have a dynamic IP from my ISP, and it's been the same for well over 2 years. As long as you renew your lease and your equipment is not offline for extended periods, with how DHCP normally works your IP should rarely change. Are you saying your ISP forces your IP to change? If so, how often?
My ISP changes the IP every 7 days. Sometimes several times a week. They are constantly pushing firmware which reboots the modem. Normally about 3 am every Sunday.
And why can you not just use some sort of dynamic DNS to have the same FQDN point to whatever your IP might be, etc.?
My ISP blocks Dynamic DNS so this does not work.
TCP (can be pretty poor)
We use TCP because it is a guaranteed connection. UDP is not; it is pretty much send and forget, where TCP is send and make sure it gets there, otherwise resend.
You don't seem to be grasping something. Not sure how else to explain it.
What I am having an issue with is how and where to place my routing. I have read just about every topic on here about OpenVPN routing. Some read that one needs to use "push route" or iroutes in the client, others read in the server, then some read, place your networks in the REMOTE NETWORK on the server, some read place your networks in the REMOTE NETWORK of the client, and others read place your networks in REMOTE NETWORKS on both client and server. Then others read that static routes are how it should be done. So I am confused.
I am trying to figure out which is correct and which I should be implementing.
I'd rather not just do trial and error, as that just creates a bouncing network in general. I just need to get all my sites to route to each other.
I do not want to switch to SSL/TLS for my Site to Site links, as that would mean I would have to tear down all the existing links and rebuild them. I had a hard enough time getting SSL/TLS working for RoadWarrior, and that took me a while to get it stable for my roaming users. I am not wishing to go through that process for each site to site and end up also impacting the now WORKING RoadWarrior.
I am sure someone has this set-up, I just need to know how they got their routing to work with Site to Site.
-
I have already told you exactly what you need where. You do not need to push anything. You do not need iroutes. You just need to look at every site and put the networks you want to reach FROM THAT SITE ON THAT OPENVPN INSTANCE in IPv4 Remote Networks there.
UDP is better for OpenVPN transport. You still have TCP on TCP connections inside the tunnel for guaranteed delivery where required.
One writeup: http://sites.inka.de/bigred/devel/tcp-tcp.html
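
Added example, not part of either post: a sketch of the "networks you want to reach from that site, on that OpenVPN instance" rule, which computes what goes into IPv4 Remote Networks on each end of every site-to-site link. The hub-and-spoke layout, site names, subnets and road-warrior tunnel network are constructed assumptions, as are the function names.

```python
import ipaddress

# Constructed topology (assumption): "hq" is the hub and runs one shared-key
# OpenVPN instance per branch, plus the road-warrior server.
HUB = "hq"
SITES = {
    "hq": ["10.0.0.0/24"],
    "branch1": ["10.1.0.0/24"],
    "branch2": ["10.2.0.0/24"],
}
ROAD_WARRIOR_TUNNEL = "10.99.0.0/24"  # constructed value


def check_no_overlap(sites, extra):
    """Overlapping subnets cannot be routed between sites, so fail early."""
    nets = [(s, ipaddress.ip_network(n)) for s, lst in sites.items() for n in lst]
    nets += [("roadwarrior", ipaddress.ip_network(n)) for n in extra]
    for i, (a_name, a) in enumerate(nets):
        for b_name, b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a_name} {a} overlaps {b_name} {b}")


def remote_networks(sites, hub, rw_tunnel):
    """Return {(local_site, peer_site): [CIDRs for IPv4 Remote Networks]}."""
    check_no_overlap(sites, [rw_tunnel])
    plan = {}
    for spoke, spoke_nets in sites.items():
        if spoke == hub:
            continue
        # Hub instance facing this spoke: only what lives behind that spoke.
        plan[(hub, spoke)] = list(spoke_nets)
        # Spoke instance: everything it reaches through the hub.
        reach = list(sites[hub]) + [rw_tunnel]
        for other, nets in sites.items():
            if other not in (hub, spoke):
                reach.extend(nets)
        plan[(spoke, hub)] = reach
    return plan


if __name__ == "__main__":
    for (local, peer), nets in remote_networks(SITES, HUB, ROAD_WARRIOR_TUNNEL).items():
        print(f"{local}: instance to {peer}: {','.join(nets)}")
```

Each printed line is the comma-separated list for one instance; the overlap check rejects a plan in which two sites (or a site and the road-warrior pool) share address space.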