Site to Site Local Static IP

chrisjmuk

Hello,

I am trying to use the OpenVPN in pfSense to site to site connect a remote server into a local network and give it a local network static ip.

For example the local network is 10.9.8.0/24 with servers on that network, and i want a remote server to connect to that network but also have a 10.9.8.0/24 IP address so we can ping it from inside the network and vise versa - i have tried all different things to get this work.

Can anyone give a quick guide on doing this - is it possible to do it through a TUN protocal?

Kind Regards,
Chris

Rico

Whats the problem with accessing the server by its real remote site IP?

-Rico

chrisjmuk

@Rico said in Site to Site Local Static IP:

Whats the problem with accessing the server by its real remote site IP?

-Rico

Because i run MySQL Group Replication and it needs that IP on that same network for to be access and communicate with each other.

Im sure this must be possible and someone has done it before, its basically just an extention of the current network and the remote location needs to have that local network IP.

marvosa

@chrisjmuk said in Site to Site Local Static IP:

I am trying to use the OpenVPN in pfSense to site to site connect a remote server into a local network and give it a local network static ip.
For example the local network is 10.9.8.0/24 with servers on that network, and i want a remote server to connect to that network but also have a 10.9.8.0/24 IP address so we can ping it from inside the network and vise versa - i have tried all different things to get this work.
Can anyone give a quick guide on doing this - is it possible to do it through a TUN protocal?
Kind Regards,
Chris

In order to keep the subnets the same on both sides, you would have to configure a bridged solution with TAP. The only reason to do this is if the software relies on broadcasts.

Because i run MySQL Group Replication and it needs that IP on that same network for to be access and communicate with each other.

Im sure this must be possible and someone has done it before, its basically just an extention of the current network and the remote location needs to have that local network IP.

I am not that familiar with MySQL, however, after googling MySQL Group Replication and reading the requirements, I saw nothing stating the servers had to be in the same subnet. In fact, I saw statements that appear to show evidence of the contrary:

"There is also nothing preventing Group Replication from operating over a virtual private network (VPN)."

"Can I deploy Group Replication across wide-area networks?
Yes, but the network connection between each member must be reliable and have suitable performance. Low latency, high bandwidth network connections are a requirement for optimal performance."

These quotes are coming from documentation on dev.mysql.com. Regarding replication over a VPN, I saw no requirements for a bridged solution vs. a routed solution. Nor do I see anything specified in the second quote, which came from the FAQ section, that states the servers need to be in the same subnet.

So, where are you seeing this information that replication needs to happen in the same subnet? From the quick research I've done, it appears that replication over a routed tunnel will work just fine.

chrisjmuk

Its not so much that but the way our network works.

Our internal IP works on a NAT system so MySQL on that internal IP / Network would show a different external IP trying to connect to our remote server hense why it needs to be on the same network or be able to communicate with each other.

chrisjmuk

I have tried to do it through a TAP and briged it to LAN but im still unable to ping from and to the remote server the firewalls are open for both, i am not sure what is going on.

Rico

Hard to say without knowing your setup.
https://docs.netgate.com/pfsense/en/latest/book/openvpn/bridged-openvpn-connections.html

-Rico

chrisjmuk

I did already follow that and other guides.

As as soon as i make a bridge then connect to the VPN i get the following error on the client side

write to TUN/TAP : Invalid argument (code=22)

chrisjmuk

Driving me insane now - needed to reinstall pfsense. - set it all back up and now its not setting the ip i set in the bridge dhcp

code_text
```Wed Apr  3 14:44:57 2019 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Wed Apr  3 14:44:57 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.9.8.0
Wed Apr  3 14:44:57 2019 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Wed Apr  3 14:44:57 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.9.8.0
Wed Apr  3 14:44:57 2019 TUN/TAP device tap0 opened
Wed Apr  3 14:44:57 2019 Initialization Sequence Completed```
code_text

I tried to manaully add the route but that didnt work either - any ideas?