OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel



  • Main Office Configuration:
    Local network: 192.168.10.1

    Main Office Site-To-Site VPN server:
    IPv4 Tunnel Network: 192.168.90.0/24
    IPv4 Remote network(s): 192.168.110.0/24, 192.168.111.0/24

    Main Office Remote Access VPN server:
    IPv4 Tunnel Network: 192.168.80.0/24
    IPv4 Local network(s): 192.168.10.0/24, 192.168.110.0/24, 192.168.111.0/24

    Satellite Facility #1 Configuration:
    Local network: 192.168.110.1

    Satellite Facility Site-To-Site #1 VPN Client:
    IPv4 Tunnel Network: 192.168.90.0/30
    IPv4 Remote network(s): 192.168.10.0/24, 192.168.80.0/24

    Satellite Facility #2 Configuration:
    Local network: 192.168.111.1

    Satellite Facility Site-To-Site #2 VPN Client:
    IPv4 Tunnel Network: 192.168.90.0/30
    IPv4 Remote network(s): 192.168.10.0/24, 192.168.80.0/24

    I created a new interface for the 192.168.90.0/24 tunnel, called Site-To-Site
    I created a new interface for the 192.168.80.0/24 tunnel, called Remote Access

    From the Main Office Site-To-Site VPN server, I can access both 192.168.110.0/24 and 192.168.111.0/24

    My laptop is connecting to the Remote Access tunnel. How can I do routing so that my laptop can get to all LAN networks which are accessible from the Main Office Site-To-Site VPN server?



  • At a high level, you would need to push each LAN you want to access out to your clients and then enter the remote access tunnel network in the config of each remote location.

    You also don't need to create interfaces unless you're doing policy routing.



  • Thanks for the info Marvosa!

    One more question, is there a way to route all available LANs from the site-to-site tunnel to the Remote Access tunnel? Or is pushing each LAN the more proper way to do it?



  • If I understand your original post correctly, you appear to have a similar circumstance as mine. I have a main office in NY that is connected to an office in Atlanta via S2S VPN. Users also want to be able to remotely access their network from home and have access to files on both servers. Two questions for you:

    1. Is what you described in your original post capable of doing that (that's what it looks like to me)?

    2. Can you elaborate on how you achieved this? I understand, conceptually, the need to push to the client, but what exactly were the steps you took?

    Thanks, I know this thread is a little old, but I'm trying to figure out how to route traffic such that users can connect from home and access files on servers at each office.



  • @buomque:

    Thanks for the info Marvosa!

    One more question, is there a way to route all available LANs from the site-to-site tunnel to the Remote Access tunnel? Or is pushing each LAN the more proper way to do it?

    buomque, it depends on what kind of solution you want to end up with.  One way to achieve your objective is going full tunnel, but then all traffic is routed down the tunnel.  If you want to stay split tunnel, then every subnet you want access to will need to be pushed out to your clients.

    @drummrman85:

    If I understand your original post correctly, you appear to have a similar circumstance as mine. I have a main office in NY that is connected to an office in Atlanta via S2S VPN. Users also want to be able to remotely access their network from home and have access to files on both servers. Two questions for you:

    1. Is what you described in your original post capable of doing that (that's what it looks like to me)?

    2. Can you elaborate on how you achieved this? I understand, conceptually, the need to push to the client, but what exactly were the steps you took?

    Thanks, I know this thread is a little old, but I'm trying to figure out how to route traffic such that users can connect from home and access files on servers at each office.

    drummrman85, he may or may not answer, but regardless… I would start a new thread and provide specifics so we can offer targeted guidance based on the details of your network
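
The split-tunnel routing discussed in this thread, as an added example that is not part of any post: a Python check, using the addresses from the first post, that every LAN the laptop should reach is pushed to Remote Access clients and that each satellite has a return route to the Remote Access tunnel network. The function and variable names are hypothetical, and `push "route ..."` is shown as the generic OpenVPN directive for a pushed LAN.

```python
import ipaddress

# Values copied from the first post of the thread.
WANTED_LANS = ["192.168.10.0/24", "192.168.110.0/24", "192.168.111.0/24"]
RA_TUNNEL = "192.168.80.0/24"            # Remote Access tunnel network
RA_LOCAL_NETWORKS = ["192.168.10.0/24", "192.168.110.0/24", "192.168.111.0/24"]
SITE_REMOTE_NETWORKS = {                 # "IPv4 Remote network(s)" on each satellite
    "satellite1": ["192.168.10.0/24", "192.168.80.0/24"],
    "satellite2": ["192.168.10.0/24", "192.168.80.0/24"],
}

def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def covered(target, routes):
    """True if `target` lies inside at least one of `routes`."""
    return any(target.subnet_of(r) for r in routes)

def push_directives(local_networks):
    """Split-tunnel routes the Remote Access server hands to clients."""
    return [f'push "route {n.network_address} {n.netmask}"' for n in nets(local_networks)]

def missing_forward_routes(wanted_lans, local_networks):
    """LANs the laptop should reach but has no pushed route for."""
    routes = nets(local_networks)
    return [str(lan) for lan in nets(wanted_lans) if not covered(lan, routes)]

def sites_without_return_route(ra_tunnel, site_remote_networks):
    """Satellites that cannot route replies back to Remote Access clients."""
    tunnel = ipaddress.ip_network(ra_tunnel)
    return [site for site, remotes in site_remote_networks.items()
            if not covered(tunnel, nets(remotes))]

if __name__ == "__main__":
    print("\n".join(push_directives(RA_LOCAL_NETWORKS)))
    print("LANs with no pushed route:", missing_forward_routes(WANTED_LANS, RA_LOCAL_NETWORKS))
    print("Sites missing a return route:", sites_without_return_route(RA_TUNNEL, SITE_REMOTE_NETWORKS))
```

Both checks come back empty for the configuration in the first post; pushing only the listed subnets keeps the clients on split tunnel, so nothing else is routed down the VPN.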