Netgate Discussion Forum

    How to allow roaming clients access remote LANs?

    • scilek

      Thanks to a good amount of trial and error and assistance from good people, I managed to get the setup below to work seamlessly:

      [Image: 1574138210269-network_setup.png]

      HQ Router:

      VPNS_A:
      Type -> Peer to Peer (Shared Key)
      Port -> 1194
      Tunnel Network -> 10.0.0.0/24
      Remote Networks -> 172.16.1.0/24

      VPNS_B:
      Type -> Peer to Peer (Shared Key)
      Port -> 1195
      Tunnel Network -> 10.0.1.0/24
      Remote Networks -> 172.16.2.0/24

      Client Routers:

      BRANCH_A:
      Server -> A.B.C.D:1194
      Tunnel Network -> 10.0.0.0/24
      Remote Networks -> 172.16.0.0/24, 172.16.2.0/24

      BRANCH_B:
      Server -> A.B.C.D:1195
      Tunnel Network -> 10.0.1.0/24
      Remote Networks -> 172.16.0.0/24, 172.16.1.0/24

      I had to add static routes on all routers to make it happen. Now any client can ping any other.

      But this time, I have another problem: roaming clients.

      They want to be able to access resources on their private network from anywhere in the world. To that end, I set up another VPN server on the HQ router:

      VPNS_C:
      Type -> Remote Access (SSL/TLS)
      Port -> 1196
      Tunnel Network -> 10.0.2.0/24
      Local Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

      I created the client configuration file and tested it on my PC. I can connect to the server but can access only the local HQ LAN (i.e. 172.16.0.0/24). What should I do to be able to access those remote LANs defined on branch routers?

      • viragomann

        @scilek said in How to allow roaming clients access remote LANs?:

        Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

        These networks have to be added to the "Local Networks" in the access server's settings.
        Leave "Remote Networks" blank.

        Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.

        • scilek @viragomann

          @viragomann said in How to allow roaming clients access remote LANs?:

          @scilek said in How to allow roaming clients access remote LANs?:

          Remote Networks -> 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24

          These networks have to be added to the "Local Networks" in the access server's settings.
          Leave "Remote Networks" blank.

          I am sorry, in my haste, I made a mistake. I have corrected my original post.

          Additionally you have to add the tunnel subnet of the remote access server (10.0.2.0/24) to the "Remote Networks" in the OpenVPN settings of both branches.

          I did that and it worked. Thank you very much. (Well, I had to create static routes again, but still, I now understand the whole concept.)

          1 Reply Last reply Reply Quote 0
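
Added example, not part of the original thread: a simplified Python model of the route tables implied by the settings above. It shows that before the fix a roaming client's request reaches a branch LAN but the reply has no VPN route back to 10.0.2.0/24. The function names and the host addresses 172.16.1.10, 172.16.2.10 and 10.0.2.6 are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network

def build_tables(branch_extra_remote=()):
    """Simplified route tables implied by the thread's OpenVPN settings.
    Each entry is (network, next hop), where next hop is a router name or
    'local'. branch_extra_remote: networks added to "Remote Networks" on
    both branch clients."""
    extra = [(net(n), "HQ") for n in branch_extra_remote]
    return {
        "HQ": [(net("172.16.0.0/24"), "local"),       # HQ LAN
               (net("10.0.2.0/24"), "local"),         # VPNS_C tunnel network
               (net("172.16.1.0/24"), "BRANCH_A"),    # VPNS_A Remote Networks
               (net("172.16.2.0/24"), "BRANCH_B")],   # VPNS_B Remote Networks
        "BRANCH_A": [(net("172.16.1.0/24"), "local"),
                     (net("172.16.0.0/24"), "HQ"),
                     (net("172.16.2.0/24"), "HQ")] + extra,
        "BRANCH_B": [(net("172.16.2.0/24"), "local"),
                     (net("172.16.0.0/24"), "HQ"),
                     (net("172.16.1.0/24"), "HQ")] + extra,
    }

def deliver(tables, router, dst, max_hops=8):
    """Follow longest-prefix matches starting at `router`. Return the router
    that owns `dst`, or None when a hop has no VPN route for it (the packet
    would follow that router's default route instead of a tunnel)."""
    dst = ipaddress.ip_address(dst)
    for _ in range(max_hops):
        matches = [(n, hop) for n, hop in tables[router] if dst in n]
        if not matches:
            return None
        hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        if hop == "local":
            return router
        router = hop
    return None

def round_trip(tables, branch, lan_host, roaming_ip="10.0.2.6"):
    """(request arrives, reply returns) for a roaming client and a branch host."""
    request = deliver(tables, "HQ", lan_host) == branch
    reply = deliver(tables, branch, roaming_ip) == "HQ"
    return request, reply

if __name__ == "__main__":
    # Constructed sample hosts, one per branch LAN.
    for label, tables in (("before", build_tables()),
                          ("after", build_tables(["10.0.2.0/24"]))):
        for branch, host in (("BRANCH_A", "172.16.1.10"), ("BRANCH_B", "172.16.2.10")):
            print(label, branch, round_trip(tables, branch, host))
```

The model covers only the routes created by the OpenVPN "Remote Networks" fields; firewall rules and the static routes mentioned in the thread are not represented.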
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.