Two local networks



  • Is it possible to setup OpenVPN so that you have two separated local networks over the same tunnel network?

    I.e if i configure my tunnell network to be 192.168.10.0/24, could I then have tow separated 24bit-masked local networks, 10.0.1.0/24 and 10.0.2.0/24 ?? Or do I have to set combine them and set my local network to be 10.0.0.0/16 to achieve this? The latter would work great as long as both net's are derived from the same upper subnet (and OpenVPN should just see both as one large local network), but it would not work if trying to reach both 10.0.1.0 and 192.168.1.0…..

    Anyone tried this and have some knowledge in the possabilites??



  • It shouldn't be too difficult. Let's say on the server end is:
    10.0.1.0/24
    10.0.2.0/24
    and on the client:
    192.168.1.0/24
    192.168.2.0/24
    You want:
    10.0.1.0/24 to talk to 192.168.1.0/24
    10.0.2.0/24 to talk to 192.168.2.0/24
    but not to talk crossways (e.g. 10.0.1.0/24 should not connect to 192.168.2.0/24)
    Setup an OpenVPN Server at the 10 end with IPv4 Remote Network 192.168.1.0/24 and in Advanced put:

    route 192.168.2.0 255.255.255.0
    

    Setup the Client at the 192 end with IPv4 Remote Network 10.0.1.0/24 and in Advanced put:

    route 10.0.2.0 255.255.255.0
    

    Now each end of the OpenVPN link knows about the 2 subnets at the other end.
    Add Firewall rules for OpenVPN, IPv4, allow all protocols,
    On the 10 end:

    • source 10.0.1.0/24 destination 192.168.1.0/24
    • source 10.0.2.0/24 destination 192.168.2.0/24
      On the 192 end:
    • source 192.168.1.0/24 destination 10.0.1.0/24
    • source 192.168.2.0/24 destination 10.0.2.0/24
      The default block all should be stopping anything else.
      For the rules, it's easy if you also define some aliases for the remote subnet addresses and use the aliases. (locally you can probably use LAN subnet, OPT1 subnet… they probably already have good names for the local subnets you want to reference.)


  • I think i didn't make myself clear enough, and that your solution was a bit more than needed…. I'm tinking a scenario where I have ONE local client, using tunnel 192.168.10.0, and with a remote network end (other side of VPN) beeing 10.0.1.0/24 (but I would also like the network 10.0.2.0/24 to be accessible at the same time - can this be done only by setting the routing option in the advanced section? If so this solves my problem :-)



  • Just tried this and the```
    push "route 10.0.2.0 255.255.255.0"

    I can now reach both subnets from my client….. :-)

Locked