VPN "Peer-to-Peer" and "Remote Access"
-
Hello,
I need help with a configuration that uses two VPNs ("Peer to Peer" and "Remote Access").
Explanation:
I have one "Peer to Peer" VPN configuration which works perfectly (OpenVPN / Shared Key / …) - Site A => Site B
I also have one "Remote Access" VPN configuration which works perfectly (OpenVPN / SSL/TLS / …) - Remote User => Site A
My problem is: my Remote Users cannot reach Site B.
I think that the FW of Site A does not know how (and where) to redirect the requests to Site B which come from the "Remote Access" VPN tunnel.
Does anybody have an opinion or an explanation on the subject?
-
Is the remote access server set to push the default route to the client? If it isn't, you have to enter the local subnets of site B into the "Local Networks" box.
Also, you have to add the remote access tunnel network into the "Local Networks" box of the Peer to Peer server. That presupposes the client pulls routes. If it doesn't, you have to set the route at site B or do SNAT at A.
-
Peer to Peer is shared key, so it can't push routes. The remote access tunnel network on Site A will have to be added to the remote networks at Site B.
Just convert the Peer to peer link to SSL/TLS and you can centralize that config using Local networks and client-specific overrides on the server.
-
OP, this is a common question. The others have already mentioned it, but at a high level, what you have to do is:
- Push the LAN subnet of site B to your remote access clients on site A.
- Add a return route for site A's remote access tunnel network to site B's side of the site-to-site tunnel… i.e. if site A's tunnel network is 10.0.0.0/24, you would add 10.0.0.0/24 to the IPv4 Remote network(s) field in site B's config.
-
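The two steps above, written out as the OpenVPN directives that the pfSense "Local network(s)" / "Remote network(s)" boxes generate. This is an added example, not configuration from the thread; the LAN subnets (192.168.1.0/24 for site A, 192.168.2.0/24 for site B) and the shared-key tunnel addresses 10.0.8.1/10.0.8.2 are assumed, only the 10.0.0.0/24 remote access tunnel network comes from the post.

```conf
# --- Site A: Remote Access server (SSL/TLS) ---
# Tunnel network for remote users (from the thread).
server 10.0.0.0 255.255.255.0
# Site A LAN (assumed subnet) - what already works.
push "route 192.168.1.0 255.255.255.0"
# Step 1: also push site B's LAN (assumed subnet) so remote
# clients send traffic for site B into this tunnel at all.
push "route 192.168.2.0 255.255.255.0"

# --- Site A: Peer to Peer server (Shared Key) ---
# Shared-key mode has no push/pull, so every route is static.
secret /path/to/shared.key          # placeholder path
ifconfig 10.0.8.1 10.0.8.2          # assumed tunnel endpoints
# Site B LAN (assumed) - what already works.
route 192.168.2.0 255.255.255.0

# --- Site B: Peer to Peer client (Shared Key) ---
secret /path/to/shared.key          # placeholder path
ifconfig 10.0.8.2 10.0.8.1          # assumed tunnel endpoints
# Site A LAN (assumed) - what already works.
route 192.168.1.0 255.255.255.0
# Step 2: return route for site A's remote access tunnel network.
# Without this line site B replies to 10.0.0.x via its default
# gateway, and the remote user sees every connection time out.
route 10.0.0.0 255.255.255.0
```

Site B's firewall rules on the OpenVPN interface must also permit traffic sourced from 10.0.0.0/24, otherwise the route exists but the packets are still dropped on arrival.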