How to allow roaming clients access remote LANs?
-
Thanks to a good amount of trial and error and assistance from good people, I managed to get the setup below to work seamlessly:
HQ Router:
VPNS_A:
Type -> Peer to Peer (Shared Key)
Port -> 1194
Tunnel Network -> 10.0.0.0/24
Remote Networks -> 172.16.1.0/24
VPNS_B:
Type -> Peer to Peer (Shared Key)
Port -> 1195
Tunnel Network -> 10.0.1.0/24
Remote Networks -> 172.16.2.0/24
Client Routers:
BRANCH_A:
Server -> A.B.C.D:1194
Tunnel Network -> 10.0.0.0/24
Remote Networks -> 172.16.0.0/24, 172.16.2.0/24
BRANCH_B:
Server -> A.B.C.D:1195
Tunnel Network -> 10.0.1.0/24
Remote Networks -> 172.16.0.0/24, 172.16.1.0/24
I had to add static routes on all routers to make it happen. Now any client can ping any other.
But this time, I have another problem: roaming clients.
They want to be able to access resources on their private network from anywhere in the world. To that end, I set up another VPN server on the HQ router:
VPNS_C:
Type -> Remote Access (SSL/TLS)
Port -> 1196
Tunnel Network -> 10.0.2.0/24
Local Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24
I created the client configuration file and tested it on my PC. I can connect to the server but can access only the local HQ LAN (i.e. 172.16.0.0/24). What should I do to be able to access those remote LANs defined on branch routers?
-
@scilek said in How to allow roaming clients access remote LANs?:
Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24
These networks have to be added to the "Local Networks" in the access server's settings.
Leave "Remote Networks" blank.
Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.
-
@viragomann said in How to allow roaming clients access remote LANs?:
@scilek said in How to allow roaming clients access remote LANs?:
Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24
These networks have to be added to the "Local Networks" in the access server's settings.
Leave "Remote Networks" blank.
I am sorry, in my haste, I made a mistake. I have corrected my original post.
Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.
I did that and it worked. Thank you very much. (Well, I had to create static routes again, but still, I now understand the whole concept.)
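As an added illustration (not part of this thread and not pfSense's own code), the following Python model of the hub-and-spoke topology above shows why the roaming clients could at first reach only the HQ LAN: once the three LANs are in "Local Networks" the forward path from a roaming client exists, but the branch routers have no route back to the remote-access tunnel subnet 10.0.2.0/24, so their replies are dropped. The addresses are the ones from the thread; the router names, the roaming client address 10.0.2.10, the sample hosts and all function names are assumptions made for the example.

```python
"""Hub-and-spoke OpenVPN routing model (constructed example).

pfSense fields are translated into routing-table entries as follows:
  Tunnel Network    -> connected prefix, next hop = the peer on that tunnel
  Remote Networks   -> static route via the peer (peer-to-peer instances)
  Local Networks    -> route pushed to the roaming client, via HQ
The roaming client is modelled as a one-address router named ROAMING.
"""
from __future__ import annotations

import ipaddress
from typing import Dict, List, Optional

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


class Router:
    """Routing table keyed by prefix. via=None means directly connected
    (deliver locally); otherwise via is the neighbour reached over a tunnel."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.table: Dict[Net, Optional[str]] = {}

    def add(self, prefix: str, via: Optional[str]) -> "Router":
        self.table[Net(prefix)] = via
        return self

    def lookup(self, dst: Addr) -> Optional[str]:
        """Longest-prefix match; raises KeyError when no route exists."""
        matches = [n for n in self.table if dst in n]
        if not matches:
            raise KeyError(f"{self.name}: no route to {dst}")
        return self.table[max(matches, key=lambda n: n.prefixlen)]


def pfsense_router(name: str, lans: List[str], tunnels: Dict[str, str],
                   remote_networks: Dict[str, str]) -> Router:
    r = Router(name)
    for lan in lans:                       # directly attached LAN(s)
        r.add(lan, None)
    for tun, peer in tunnels.items():      # Tunnel Network -> peer
        r.add(tun, peer)
    for net, peer in remote_networks.items():  # Remote/Local Networks
        r.add(net, peer)
    return r


class Topology:
    def __init__(self, *routers: Router) -> None:
        self.routers = {r.name: r for r in routers}

    def owner(self, ip: Addr) -> str:
        """The router that delivers ip locally."""
        for name, r in self.routers.items():
            if any(ip in n and via is None for n, via in r.table.items()):
                return name
        raise KeyError(f"no router owns {ip}")

    def path(self, src: str, dst: str) -> Optional[List[str]]:
        """Hop list from src's router to dst's, or None if a hop drops it."""
        d = Addr(dst)
        hops = [self.owner(Addr(src))]
        while True:
            try:
                nxt = self.routers[hops[-1]].lookup(d)
            except KeyError:
                return None          # no route: packet dropped here
            if nxt is None:
                return hops          # delivered on the local LAN
            if nxt in hops:
                return None          # routing loop
            hops.append(nxt)

    def reachable(self, a: str, b: str) -> bool:
        """Two-way reachability: a ping needs the return route as well."""
        return self.path(a, b) is not None and self.path(b, a) is not None


def build(branches_know_ra_tunnel: bool) -> Topology:
    """The thread's topology, with or without 10.0.2.0/24 on the branches."""
    hq = pfsense_router("HQ", ["172.16.0.0/24"],
        {"10.0.0.0/24": "BRANCH_A", "10.0.1.0/24": "BRANCH_B",
         "10.0.2.0/24": "ROAMING"},
        {"172.16.1.0/24": "BRANCH_A", "172.16.2.0/24": "BRANCH_B"})
    a_remote = {"172.16.0.0/24": "HQ", "172.16.2.0/24": "HQ"}
    b_remote = {"172.16.0.0/24": "HQ", "172.16.1.0/24": "HQ"}
    if branches_know_ra_tunnel:        # the fix from the answer above
        a_remote["10.0.2.0/24"] = "HQ"
        b_remote["10.0.2.0/24"] = "HQ"
    branch_a = pfsense_router("BRANCH_A", ["172.16.1.0/24"],
                              {"10.0.0.0/24": "HQ"}, a_remote)
    branch_b = pfsense_router("BRANCH_B", ["172.16.2.0/24"],
                              {"10.0.1.0/24": "HQ"}, b_remote)
    # Roaming client: its own tunnel address plus the pushed Local Networks
    roaming = pfsense_router("ROAMING", ["10.0.2.10/32"], {"10.0.2.0/24": "HQ"},
        {"172.16.0.0/24": "HQ", "172.16.1.0/24": "HQ", "172.16.2.0/24": "HQ"})
    return Topology(hq, branch_a, branch_b, roaming)


if __name__ == "__main__":
    for fixed in (False, True):
        t = build(fixed)
        print("branches know 10.0.2.0/24:", fixed,
              "| forward:", t.path("10.0.2.10", "172.16.2.10"),
              "| return:", t.path("172.16.2.10", "10.0.2.10"),
              "| ping works:", t.reachable("10.0.2.10", "172.16.2.10"))
```

Running it shows the forward path ROAMING, HQ, BRANCH_B in both cases, while the return path is None until 10.0.2.0/24 is added to the branches' "Remote Networks". The same model reproduces the branch-to-branch case from the first post: BRANCH_A reaches BRANCH_B through HQ only because each side has a route for the other's LAN.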