2 Site to Site and Remote OpenVPN client
-
@charlieblalock said in 2 Site to Site and Remote OpenVPN client:
I thought I could automatically access Site B when I was VPNd into Site A already since they have Site 2 Site established
No, likewise you need to add a route on both sites of the VPN for the local subnets, you also need to add an additional route for the access server tunnel, so that the clients can access site B.
I tried adding that 2nd Site B subnet for my OpenVPN Remote client as a remote subnet but it does not work.
Yes, you have to state the site B subnet here, but at "Local Networks".
-
@viragomann thanks
Can you explain the first part? As suggested, I cannot get my OpenVPN remote clients to see the second subnet that works fine via site to site. I am not familiar with that part. Can you tell me what part of the GUI and entry?
I think I have the 2nd part below. Site A and B are 192.168.10.0/24 and 192.168.9.0/24 respectively. The tunnel is 192.168.8.0/24 - all hosts on site to site works fine.
-
@charlieblalock
To connect the subnets of A and B you might have entered the respective remote subnet into the OpenVPN configuration and also set up a CSO.
You have to update these settings and add the tunnel network of the access server at B.
How exactly depends on if it's the client or the server.
-
@viragomann Subnets A & B are both connected as I stated via Site to Site OpenVPN connection. I can access devices and hosts between the two sites via IP Address or via DNS names no problem - Site to Site works.
The issue is when I connect to Site A using OpenVPN client on laptop. I can ping all hosts/devices on Subnet A but NOT Subnet B ONLY when I use a laptop and OpenVPN client.
Let me ask this instead: I created a Site to Site - Site A is the OpenVPN server Site B is client. After this, I can ping hosts/dns clients no problem between the two sites.
Am I also supposed to create Site B as OpenVPN server and Site A as a client - in order to have laptops use any of the OpenVPN servers and have connectivity to all subnets from outside laptop connections? Basically two way instead of just one way?
-
@charlieblalock
As I told you above, you have to configure the routing over the VPN properly to get this to work. And I tried to give hints on how to configure this.
If you provide some more information about your current VPN setup, I can probably give more details.
-
@viragomann you need more than this?
-
@charlieblalock
Since you're using a /30 tunnel network for the site to site (not recommended anymore), I assume that you haven't configured a client specific override. Then all you need to do is add the access server tunnel network to the "remote networks" at site B. So the box should look like this then:
192.168.10.0/24,192.168.8.0/24
-
N/M read that wrong
-
@viragomann said in 2 Site to Site and Remote OpenVPN client:
using a /30 tunnel network for the site to site (not recommended anymore),
Curious.. why not? I use and have used /30 on all my tunnels for years.
-
@chpalmer
Because it's not compatible with DCO.
So you can configure a /30 tunnel where DCO is not used.
-
@viragomann Thank you Viragomann!! That was it! My remote clients are now able to access everything. So in summary, not only do I add the remote LAN subnets, but also add the remote Tunnel network into the remote networks peer to peer settings (shown in neon green).
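The routing fix worked out in this thread, modelled as an added example (not posted by any participant and not pfSense code): a longest-prefix route lookup on the laptop, site A and site B shows why the reply from site B leaves via WAN until the access server tunnel network is in site B's "remote networks". The interface labels, the sample laptop and host addresses, and the "original" starting configuration are assumptions; firewall rules are not modelled.

```python
import ipaddress

# Networks quoted in the thread. The /30 site-to-site tunnel itself is never
# stated, so it is not modelled; "ras" and "s2s" are labels made up here for the
# remote-access and site-to-site OpenVPN interfaces.
SITE_A_LAN, SITE_B_LAN, RAS_TUNNEL = "192.168.10.0/24", "192.168.9.0/24", "192.168.8.0/24"

def lookup(routes, dst):
    """Longest-prefix match over {cidr: interface}; returns the interface."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(n) for n in routes]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return routes[str(best)]

def laptop_routes(local_networks):
    # The access server's "Local Networks" are what the laptop gets routes for.
    return {"0.0.0.0/0": "internet", RAS_TUNNEL: "ras", **{n: "ras" for n in local_networks}}

def site_a_routes():
    # Site A already routes site B's LAN over the working site-to-site tunnel.
    return {"0.0.0.0/0": "wan", SITE_A_LAN: "lan", RAS_TUNNEL: "ras", SITE_B_LAN: "s2s"}

def site_b_routes(remote_networks):
    # Site B's "Remote Networks" box decides what it sends back into the tunnel.
    return {"0.0.0.0/0": "wan", SITE_B_LAN: "lan", **{n: "s2s" for n in remote_networks}}

def trace(local_networks, remote_networks, laptop="192.168.8.2", host="192.168.9.50"):
    """Interfaces chosen hop by hop: laptop -> A -> B, then B -> A for the reply.
    The laptop and host addresses are constructed samples."""
    a, b = site_a_routes(), site_b_routes(remote_networks)
    out = [lookup(laptop_routes(local_networks), host), lookup(a, host), lookup(b, host)]
    back = [lookup(b, laptop), lookup(a, laptop)]
    return out, back

def reachable(local_networks, remote_networks):
    return trace(local_networks, remote_networks) == (["ras", "s2s", "lan"], ["s2s", "ras"])

if __name__ == "__main__":
    cases = {  # the "original" settings are an assumption about the starting point
        "original": ([SITE_A_LAN], [SITE_A_LAN]),
        "Local Networks fixed only": ([SITE_A_LAN, SITE_B_LAN], [SITE_A_LAN]),
        "both fixed": ([SITE_A_LAN, SITE_B_LAN], [SITE_A_LAN, RAS_TUNNEL]),
    }
    for name, (local, remote) in cases.items():
        print(name, trace(local, remote), reachable(local, remote))
```

The middle case is the one that is easy to miss: the request arrives at site B, but the reply to 192.168.8.0/24 follows site B's default route instead of the tunnel.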