Site-To-site : static IP address for Tunnel interface

  • Hello

    I've searched this subject but am still without an answer. I've found an article about how to do so for Client-To-Site and not Site-To-Site, using the "ifconfig-push" in the client specific overrides section.

    Let's say I have an OpenVPN server, configured with an IP tunnel network : and I have two remote sites (not clients).
    Once the VPN is up, the first site is connected with (tunnel interface address), the second site, while the server has the address for its tunnel interface.

    The problem is that I must use the tunnel addresses for the monitoring of the remote sites, but as these addresses are dynamic, this task cannot be done because maybe they will be given to another site later.

    In my case I have to configure a dozen remote sites, so I really need to fix the tunnel addresses, in a static way or with a "reservation" for the dynamic configuration.

    Thanks a lot

  • With site to site (peer to peer), you set up a server instance on a separate port for each site.

    Each instance has its own tunnel network. The server always gets the first address in the tunnel range, the client always gets the second address.

    No ifconfig-push is needed, no client specific overrides are needed, as there is only ever one client for that server instance.

    If you didn't do this, you couldn't specify the unique remote networks on the server side.

  • Thanks a lot
    Well, I thought there would be one instance in the server talking with many remote sites,
    so now I must have as many instances in the server as the number of remote sites,
    so the topology in the client settings is just for client-to-site.
    It makes sense, but it's a hell of a lot of work.
    Thanks again
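
The layout described in the reply above (one server instance per site, each on its own port with its own tunnel network, server on the first address and client on the second) can be planned and checked with a short script. This is an added example, not part of the original thread; the supernet `10.99.0.0/24`, the /30 tunnel size, base port 1194, and the site names are constructed assumptions.

```python
import ipaddress
from itertools import combinations

def plan_sites(sites, supernet="10.99.0.0/24", base_port=1194):
    """One server instance per site: its own port and its own /30 tunnel network.

    Allocation follows list order, so appending a new site never changes the
    addresses already handed to existing sites.
    """
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=30)
    plan = []
    for index, site in enumerate(sites):
        port = base_port + index
        tunnel = next(subnets, None)
        if tunnel is None or port > 65535:
            raise ValueError(f"no free tunnel network or port left for {site}")
        # A /30 has exactly two usable addresses: first = server, second = client.
        server_ip, client_ip = tunnel.hosts()
        plan.append({"site": site, "port": port, "tunnel": str(tunnel),
                     "server_ip": str(server_ip), "client_ip": str(client_ip)})
    return plan

def find_conflicts(plan):
    """Report instances that share a port or whose tunnel networks overlap."""
    conflicts = []
    for a, b in combinations(plan, 2):
        if a["port"] == b["port"]:
            conflicts.append((a["site"], b["site"], "port"))
        net_a = ipaddress.ip_network(a["tunnel"])
        net_b = ipaddress.ip_network(b["tunnel"])
        if net_a.overlaps(net_b):
            conflicts.append((a["site"], b["site"], "tunnel"))
    return conflicts

def monitoring_targets(plan):
    """Fixed address to probe for each remote site (the client end of its tunnel)."""
    return {entry["site"]: entry["client_ip"] for entry in plan}

if __name__ == "__main__":
    SITES = ["site-a", "site-b", "site-c"]  # constructed site names
    plan = plan_sites(SITES)
    for entry in plan:
        print(entry)
    print("conflicts:", find_conflicts(plan))
    print("monitoring:", monitoring_targets(plan))
```

`find_conflicts` also works on a hand-maintained inventory in the same dictionary shape, which helps catch a reused port or overlapping tunnel network before a new instance is enabled.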
