How to connect to one of the VPN site then access to its other VPN sites?

yashiharu

There are TWO OpenVPN sites: siteA and siteB
siteA: OpenVPN server (site2site) LAN: 192.168.0.x
siteB: OpenVPN client (site2site) LAN: 192.168.1.x
All computers on both siteA and siteB can access to each others.

I am able to access the computers on siteA with OpenVPN client on the phone.
Now I would like to access the computers on siteB too.

I could set up another OpenVPN server on siteB and connect with my phone. It's not practical but works.

I prefer to connect to ONE of these 2 sites and access to both.
Any advice, please?

viragomann

@yashiharu said in How to connect to one of the VPN site then access to its other VPN sites?:

I am able to access the computers on siteA with OpenVPN client on the phone.

So you're running a second VPN server on site A for client access, I assume.
You have to configure the routing for the connection between an access server client and site B.

You must push the network behind site B to the client by entering it into the "Local Networks" box in the access server settings.
Additional you have to go into OpenVPN settings on site B and add the access servers tunnel network to the "Remote Networks" there.

JKnott

@yashiharu said in How to connect to one of the VPN site then access to its other VPN sites?:

Now I would like to access the computers on siteB too.

Then you need to configure routing from A to B. If A isn't your default route, then you'll also have to tell your end how to get to B through A. It's all just basic routing.

yashiharu

@viragomann said in How to connect to one of the VPN site then access to its other VPN sites?:

@yashiharu said in How to connect to one of the VPN site then access to its other VPN sites?:

I am able to access the computers on siteA with OpenVPN client on the phone.

So you're running a second VPN server on site A for client access, I assume.
You have to configure the routing for the connection between an access server client and site B.

You must push the network behind site B to the client by entering it into the "Local Networks" box in the access server settings.
Additional you have to go into OpenVPN settings on site B and add the access servers tunnel network to the "Remote Networks" there.

thanks.

The only thing I need to do is add both local networks in each of the servers.

Now: mainSiteA, siteB, siteC is all connected and their nodes can reach each other

I set up another OpenVPN server for phone access
I can connect to mainSiteA and all it's local network devices, but I can't reach siteB from phone. (already fill in the local network parameter.)

Any advise please?

yashiharu

@JKnott said in How to connect to one of the VPN site then access to its other VPN sites?:

@yashiharu said in How to connect to one of the VPN site then access to its other VPN sites?:

Now I would like to access the computers on siteB too.

Then you need to configure routing from A to B. If A isn't your default route, then you'll also have to tell your end how to get to B through A. It's all just basic routing.

What can I do that on phone?
I've already config the server on A to use "local network of A & B"
how can I tell my phone to route to B when accessing A?

thanks

viragomann

@yashiharu said in How to connect to one of the VPN site then access to its other VPN sites?:

but I can't reach siteB from phone.

Did you chech that also with Wifi deactivated? Possibly its network is overlapping with that one at site B. 192.168.1.x is not a good choice for a network range which should be connected to another one via VPN.

yashiharu

@viragomann

Yes. Under wifi deactivated.

Actually.
mainSiteA: 192.168.1.0/24 (3 OpenVPN server)
SiteB: 192.168.0.0/24 (1 OVPN client)
SiteC: 192.168.2.0/24 (1 OVPN client)
phone (1 OVPN client)

When I am using the wifi on SiteC, the phone can access all devices on site A, B and C (because they are all connected and routed by VPN )

When I am using 4G with OpenVPN client on phone to connect the OpenVPN server on mainSiteA, I can only access to the devices on site A

on the OVPN server for phone:
Server mode is different (SSL+User)
all the rest are same to the other 2 OVPN servers
IPv4 Tunnel: 10.0.x.0/24
IPv4 local network: 192.168.0.0/24, 192.168.2.0/24

try push "route 192.168.0.0 255.255.255.0"
it doesn't work.

viragomann

@viragomann said in How to connect to one of the VPN site then access to its other VPN sites?:

Additional you have to go into OpenVPN settings on site B and add the access servers tunnel network to the "Remote Networks" there

Did you do that?

You have also to add the tunnel on site C to enable access to C.

yashiharu

@viragomann

no. May I know how?

IPv4 Tunnel Network
SiteA: OvpnServer for SiteB: 10.0.1.0/24
SiteA: OvpnServer for SiteC: 10.0.2.0/24
SiteA: OvpnServer for phone: 10.0.3.0/24

SiteB: OvpnClient: 10.0.1.0/24

SiteC: OvpnClient: 10.0.2.0/24

Phone: OvpnClient: nothing i can do

viragomann

And why didn't you put all the suggestions into practice or ask how to do before? You're going to waste our time here, dude!

Don't know what's difficult here?
Add the access servers tunnel network to the "Remote Networks".

As you stated, the access servers tunnel network: 10.0.3.0/24

So the networks given as you stated above:
@yashiharu said in How to connect to one of the VPN site then access to its other VPN sites?:

mainSiteA: 192.168.1.0/24 (3 OpenVPN server)
SiteB: 192.168.0.0/24 (1 OVPN client)
SiteC: 192.168.2.0/24 (1 OVPN client)

on site B the "IPv4 Remote Networks" box should contain

192.168.1.0/24,192.168.2.0/24,10.0.3.0/24

on site C the "IPv4 Remote Networks" box should contain

192.168.1.0/24,192.168.0.0/24,10.0.3.0/24

That's the magic.