OpenVPN Local Networks vs Remote Networks

kevindd992002

For a site-to-site VPN with only two sites, what is the difference between local networks and remote networks in both sides? As I understand it, the networks listed in the local networks will push routes to these networks in the remote endpoint. And the networks listed in the remote networks will create routes to these networks in the local endpoint. So for two sites:

Site A (Server) Local Networks = Site B (Client) Remote Networks

So why is it that in this guide, it says to use both local networks and remote networks in the server configuration?

Even for more than two sites that is in a hub-spoke topology, can we not go away of just using the remote networks (just like when using peer to peer PSK) for all sites (server and clients included)?

Or is it just really for convenience? Meaning use remote networks only in the server config and do not use remote networks for all the clients because they get the routes pushed by the server anyway? I guess this is the answer to my question but I juts wanted to hear it from more experienced users here.

Also, if it's for convenience how come you put all networks in the local networks field? In the example above, you put all three networks there. So for say, one client (clientB), it will get three networks in its routing table including its own network. Won't that be a useless route? The firewall will not be reached by any computer in client B's network anyway if the destination IP is in the same subnet.

Rico

@kevindd992002 said in OpenVPN Local Networks vs Remote Networks:

Or is it just really for convenience? Meaning use remote networks only in the server config and do not use remote networks for all the clients because they get the routes pushed by the server anyway? I guess this is the answer to my question but I juts wanted to hear it from more experienced users here.

Yes the IPv4 Local Network box in SSL/TLS is to push routes to the Client side.

-Rico

kevindd992002

@Rico said in OpenVPN Local Networks vs Remote Networks:

@kevindd992002 said in OpenVPN Local Networks vs Remote Networks:

Or is it just really for convenience? Meaning use remote networks only in the server config and do not use remote networks for all the clients because they get the routes pushed by the server anyway? I guess this is the answer to my question but I juts wanted to hear it from more experienced users here.

Yes the IPv4 Local Network box in SSL/TLS is to push routes to the Client side.

-Rico

Right but why not just use remote networks in the client site since it's site to site anyway? I would understand the use to push routes for remote access for road warriors but for client sites that you have control of the configuration what's the advantage?

Rico

Sure for 2 or 3 Sites no big deal, but say you have 50 Sites and want to add one more....happy for any parameter you need to touch only once and push. ;-)

-Rico

kevindd992002

@Rico said in OpenVPN Local Networks vs Remote Networks:

Sure for 2 or 3 Sites no big deal, but say you have 50 Sites and want to add one more....happy for any parameter you need to touch only once and push. ;-)

-Rico

Ok, that makes sense. So in the example in the link above, if you put all networks in the Local Networks field, will one of the sites add a route for its own LAN network?