Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Site-To-site : static IP address for Tunnel interface

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 669 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      boujid
      last edited by

      Hello

      i've searched this subject but stilt without answer, i've found an article about how to do so for Client-To-Site and not Site-To-site using the "ifconfig-push" in the client specific overrides section

      let's say, i have an openvpn server, configured with an IP tunnel network : 192.168.1.0/24 and i have two remote sites (not clients)
      once VPN is up, the first site is connected with 192.168.1.2 (tunnel interface address), the second site 192.168.1.3, while the server has the 192.168.1.1 address for its tunnel interface

      the problem is that i must use the tunnel adresses for the monitoring of the remote sites, but as these address are dynamic,, this task cannot be done because maybe the 192.168.1.2 will be given to another site later

      in my case i've to configure a dozen of remote sites, so i really need to fix the tunnel addresses, static way or a "reservation" for the dynamic configuration

      Thanks a lot

      1 Reply Last reply Reply Quote 0
      • M
        mcdiesel
        last edited by

        With site to site (peer to peer), you setup a server instance on a seperate port for each site.

        Each instance has it's own tunnel network. The server always gets the first address in the tunnel range, the client always gets the second address.

        No ifconfig-push is needed, no client specific overrides are needed, as there is only ever one client for that server instance.

        If you didn't do this, you couldn't specify the unique remote networks on the server side.

        1 Reply Last reply Reply Quote 0
        • B
          boujid
          last edited by

          Thanks a lot
          well, i thought there will be one instance in the server talking with many remote sites
          so now, i must have instances in the server as many as the number of remote sites
          so the topology in the clients settings is just for client-to-site
          it make sense, but it's a hell of work
          thanks again

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.