Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to allow roaming clients access remote LANs?

    OpenVPN
    2
    3
    61
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scilek last edited by scilek

      Thanks to a good amount of trial&error and assistance from good people, I managed to get the setup below work seamlessy:

      1574138210269-network_setup.png

      HQ Router:

      VPNS_A:
      Type -> Peer to Peer (Shared Key)
      Port -> 1194
      Tunnel Network -> 10.0.0.0/24
      Remote Networks -> 172.16.1.0/24

      VPNS_B:
      Type -> Peer to Peer (Shared Key)
      Port -> 1195
      Tunnel Network -> 10.0.1.0/24
      Remote Networks -> 172.16.2.0/24

      Client Routers:

      BRANCH_A:
      Server-> A.B.C.D:1194
      Tunnel Network -> 10.0.0.0/24
      Remote Networks -> 172.16.0.0/24, 172.16.2.0/24

      BRANCH_B:
      Server-> A.B.C.D:1195
      Tunnel Network -> 10.0.1.0/24
      Remote Networks -> 172.16.0.0/24, 172.16.1.0/24

      I had to add static routes on all routers to make it happen. Now any client can ping any other.

      But this time, I have another problem: roaming clients.

      They want to be able to access resources on their private network from anywhere in the world. To that end, I set up another VPN server on the HQ router:

      VPNS_C:
      Type -> Remote Access (SSL/TLS)
      Port -> 1196
      Tunnel Network -> 10.0.2.0/24
      Local Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

      I created the client configuration file and tested it on my PC. I can connect to the server but can access only the local HQ LAN (i.e. 172.16.0.0/24). What should I do to be able to access those remote LANs defined on branch routers?

      1 Reply Last reply Reply Quote 0
      • V
        viragomann last edited by

        @scilek said in How to allow roaming clients access remote LANs?:

        Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

        These networks has to the added to the "Local Networks" in the access servers settings.
        Leave "Remote Networks" blank.

        Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.

        S 1 Reply Last reply Reply Quote 1
        • S
          scilek @viragomann last edited by

          @viragomann said in How to allow roaming clients access remote LANs?:

          @scilek said in How to allow roaming clients access remote LANs?:

          Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

          These networks has to the added to the "Local Networks" in the access servers settings.
          Leave "Remote Networks" blank.

          Iam sorry, in my haste, I made a mistake. I have corrected my original post.

          Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.

          I did that and it worked. Thank you very much. (Well, I had to create static routes again, but still, I now understand the whole concept.)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy