4. How to allow roaming clients access remote LANs?

How to allow roaming clients access remote LANs?

  • S

    Thanks to a good amount of trial&error and assistance from good people, I managed to get the setup below work seamlessy:

    1574138210269-network_setup.png

    HQ Router:

    VPNS_A:
    Type -> Peer to Peer (Shared Key)
    Port -> 1194
    Tunnel Network -> 10.0.0.0/24
    Remote Networks -> 172.16.1.0/24

    VPNS_B:
    Type -> Peer to Peer (Shared Key)
    Port -> 1195
    Tunnel Network -> 10.0.1.0/24
    Remote Networks -> 172.16.2.0/24

    Client Routers:

    BRANCH_A:
    Server-> A.B.C.D:1194
    Tunnel Network -> 10.0.0.0/24
    Remote Networks -> 172.16.0.0/24, 172.16.2.0/24

    BRANCH_B:
    Server-> A.B.C.D:1195
    Tunnel Network -> 10.0.1.0/24
    Remote Networks -> 172.16.0.0/24, 172.16.1.0/24

    I had to add static routes on all routers to make it happen. Now any client can ping any other.

    But this time, I have another problem: roaming clients.

    They want to be able to access resources on their private network from anywhere in the world. To that end, I set up another VPN server on the HQ router:

    VPNS_C:
    Type -> Remote Access (SSL/TLS)
    Port -> 1196
    Tunnel Network -> 10.0.2.0/24
    Local Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

    I created the client configuration file and tested it on my PC. I can connect to the server but can access only the local HQ LAN (i.e. 172.16.0.0/24). What should I do to be able to access those remote LANs defined on branch routers?

    0
  • V

    @scilek said in How to allow roaming clients access remote LANs?:

    Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

    These networks has to the added to the "Local Networks" in the access servers settings.
    Leave "Remote Networks" blank.

    Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.

    1
    S
     1 Reply
  • S

    @viragomann said in How to allow roaming clients access remote LANs?:

    @scilek said in How to allow roaming clients access remote LANs?:

    Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

    These networks has to the added to the "Local Networks" in the access servers settings.
    Leave "Remote Networks" blank.

    Iam sorry, in my haste, I made a mistake. I have corrected my original post.

    Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.

    I did that and it worked. Thank you very much. (Well, I had to create static routes again, but still, I now understand the whole concept.)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy