I need advice
-
I have two sites A & B. Site A has a PPPoE connection with 5 static IPs. Site B has 1 dynamic IP. We need to access site B to check security cameras, building controls, etc.
I thought of:-
having an OpenVPN tunnel between site A & site B.
-
adding the extra IPs as aliases
-
dedicating one static IP from site A to be used for site B
-
forwarding all the traffic destined to "this" IP to site B through the OpenVPN tunnel.
Is this the best way? I appreciate any suggestions or feedback? Please see attached graph.
-
-
You will get more eyes on your issue if you post it in the Tech Support - General forum.
-
I am struggling to think of a better way, so that means it must be the best way ;)
On your site-to-site OpenVPN tunnel put the relevant IP addresses/subnets in the local and remote networks boxes at each end, then the system will know what to route through the tunnel. Add firewall rules on each end of the tunnel to permit stuff that you want to allow in from the other end.
Then you should be able to port forward needed ports (or all ports) from the selected static IP at site A to LAN B.
-
@KOM:
You will get more eyes on your issue if you post it in the Tech Support - General forum.
Thanks. Can I do that myself or an admin must do that. I am not sure if "double posting" is allowed.
-
I am struggling to think of a better way, so that means it must be the best way ;)
On your site-to-site OpenVPN tunnel put the relevant IP addresses/subnets in the local and remote networks boxes at each end, then the system will know what to route through the tunnel. Add firewall rules on each end of the tunnel to permit stuff that you want to allow in from the other end.
Then you should be able to port forward needed ports (or all ports) from the selected static IP at site A to LAN B.
Thanks.
-
Can I do that myself or an admin must do that. I am not sure if "double posting" is allowed.
An admin can do it or you can post again in the proper place without breaking any rules. If you do cross-post a lot then other users will start to harass you about it, but this is just a harmless oversight.
-
OpenVPN peer-to-peer seems to be the right answer.
What you need to add to above answer is the need for dynamic DNS stuff so that despite dynamic IP on site B, you can still know how to reach it ;)
