2 Site to Site and Remote OpenVPN client
-
@charlieblalock
To connect the subnets of A and B you might have entered the respective remote subnet into the OpenVPN configuration and also set up a CSO.
You have to update these settings and add the tunnel network of the access server at B.
How exactly depends on if it's the client or the server.
-
@viragomann Subnets A & B are both connected as I stated via Site to Site OpenVPN connection. I can access devices and hosts between the two sites via IP Address or via DNS names no problem - Site to Site works.
The issue is when I connect to Site A using OpenVPN client on laptop. I can ping all hosts/devices on Subnet A but NOT Subnet B ONLY when I use a laptop and OpenVPN client.
Let me ask this instead: I created a Site to Site - Site A is the OpenVPN server Site B is client. After this, I can ping hosts/dns clients no problem between the two sites.
Am I also supposed to create Site B as OpenVPN server and Site A as a client - in order to have laptops to use any of the OpenVPN servers and connectivity to all subnets from outside laptop connections? Basically two way instead of just one way?
-
@charlieblalock
As I told you above, you have to configure the routing over the VPN properly to get this to work. And I tried to give hints on how to configure this.
If you provide some more information about your current VPN setup, I can probably give more details.
-
@viragomann you need more than this?
-
@charlieblalock
Since you're using a /30 tunnel network for the site to site (not recommended anymore), I assume that you haven't configured a client specific override. Then all you need to do is add the access server tunnel network to the "remote networks" at site B. So the box should look like this then:
192.168.10.0/24,192.168.8.0/24
-
N/M read that wrong
-
@viragomann said in 2 Site to Site and Remote OpenVPN client:
using a /30 tunnel network for the site to site (not recommended anymore),
Curious.. why not? I use and have used /30 on all my tunnels for years.
-
@chpalmer
Because it's not compatible with DCO.
So you can configure a /30 tunnel where DCO is not used.
-
@viragomann Thank you Viragomann!! That was it! My remote clients are now able to access everything. So in summary, not only do I add the remote LAN subnets, but also add the remote Tunnel network into the remote networks peer to peer settings (shown in neon green).
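
The return-route problem resolved in this thread, as an added example that is not part of any post: Site B only sends replies back into the site-to-site tunnel for prefixes listed in its "remote networks" box, so every source network that reaches B through Site A must be covered there. Which of the two prefixes is Site A's LAN and which is the access server tunnel network is an assumption (the thread does not say), and the function names are hypothetical.

```python
import ipaddress

def parse_box(box):
    """Parse a comma-separated 'remote networks' value as typed into the GUI box."""
    return [ipaddress.ip_network(p.strip()) for p in box.split(",") if p.strip()]

def covered(src, routed):
    """True if network src lies inside any prefix routed into the tunnel."""
    return any(src.version == r.version and src.subnet_of(r) for r in routed)

def missing_return_routes(sources, remote_networks_box):
    """Source networks whose packets reach the far site through the tunnel
    but whose replies the far site would NOT send back into the tunnel."""
    routed = parse_box(remote_networks_box)
    return [s for s in sources if not covered(ipaddress.ip_network(s), routed)]

def can_reply(client_ip, remote_networks_box):
    """Check a single VPN client address against the far site's box."""
    host = ipaddress.ip_network(client_ip)  # a bare address parses as a /32
    return covered(host, parse_box(remote_networks_box))

# Assumption: 192.168.10.0/24 is Site A's LAN and 192.168.8.0/24 is the
# remote access (laptop) tunnel network; both prefixes come from the thread.
LAN_A = "192.168.10.0/24"
ACCESS_TUNNEL = "192.168.8.0/24"
SOURCES = [LAN_A, ACCESS_TUNNEL]

BEFORE = "192.168.10.0/24"                 # Site B box with only the remote LAN
AFTER = "192.168.10.0/24,192.168.8.0/24"   # box as given in the thread

if __name__ == "__main__":
    laptop = "192.168.8.2"  # constructed client address inside the tunnel network
    for label, box in (("before", BEFORE), ("after", AFTER)):
        print(label, "missing:", missing_return_routes(SOURCES, box),
              "laptop reply routed:", can_reply(laptop, box))
```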