Netgate Discussion Forum

    Two local networks

    • an10bill

      Is it possible to set up OpenVPN so that you have two separated local networks over the same tunnel network?

      I.e., if I configure my tunnel network to be 192.168.10.0/24, could I then have two separated 24-bit-masked local networks, 10.0.1.0/24 and 10.0.2.0/24? Or do I have to combine them and set my local network to be 10.0.0.0/16 to achieve this? The latter would work great as long as both nets are derived from the same upper subnet (and OpenVPN should just see both as one large local network), but it would not work if trying to reach both 10.0.1.0 and 192.168.1.0…

      Anyone tried this and have some knowledge of the possibilities?

      • phil.davis

        It shouldn't be too difficult. Let's say on the server end is:
        10.0.1.0/24
        10.0.2.0/24
        and on the client:
        192.168.1.0/24
        192.168.2.0/24
        You want:
        10.0.1.0/24 to talk to 192.168.1.0/24
        10.0.2.0/24 to talk to 192.168.2.0/24
        but not to talk crossways (e.g. 10.0.1.0/24 should not connect to 192.168.2.0/24)
        Set up an OpenVPN Server at the 10 end with IPv4 Remote Network 192.168.1.0/24 and in Advanced put:

        ```
        route 192.168.2.0 255.255.255.0
        ```

        Set up the Client at the 192 end with IPv4 Remote Network 10.0.1.0/24 and in Advanced put:

        ```
        route 10.0.2.0 255.255.255.0
        ```

        Now each end of the OpenVPN link knows about the 2 subnets at the other end.
        Add Firewall rules for OpenVPN, IPv4, allow all protocols.

        On the 10 end:

        • source 10.0.1.0/24 destination 192.168.1.0/24
        • source 10.0.2.0/24 destination 192.168.2.0/24

        On the 192 end:

        • source 192.168.1.0/24 destination 10.0.1.0/24
        • source 192.168.2.0/24 destination 10.0.2.0/24

        The default block all should be stopping anything else.
        For the rules, it's easy if you also define some aliases for the remote subnet addresses and use the aliases. (Locally you can probably use LAN subnet, OPT1 subnet… they probably already have good names for the local subnets you want to reference.)

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • an10bill

          I think I didn't make myself clear enough, and that your solution was a bit more than needed… I'm thinking of a scenario where I have ONE local client, using tunnel 192.168.10.0, and with a remote network end (other side of VPN) being 10.0.1.0/24 (but I would also like the network 10.0.2.0/24 to be accessible at the same time). Can this be done only by setting the routing option in the advanced section? If so, this solves my problem :-)

          • an10bill

            Just tried this and the
            ```
            push "route 10.0.2.0 255.255.255.0"
            ```

            I can now reach both subnets from my client… :-)
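The routes and the paired pass rules from phil.davis's reply, checked as a small model: a route only makes a subnet reachable through the tunnel, and the rules decide which subnet pairs may actually talk. This is an added example, not code from the thread or from pfSense. It assumes first-match rules with a default block, applied to connections initiated at each end; the names `10_end`, `192_end`, `verdict`, `crossways_open`, the `ALLOW_ALL` contrast and the `.10` probe hosts are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Local subnets per end; each end routes the other end's subnets into the tunnel
# ("IPv4 Remote Network" plus the extra `route` line in Advanced, per the post).
LOCAL = {"10_end": ["10.0.1.0/24", "10.0.2.0/24"],
         "192_end": ["192.168.1.0/24", "192.168.2.0/24"]}
ROUTES = {"10_end": LOCAL["192_end"], "192_end": LOCAL["10_end"]}

# Pass rules as (source, destination), exactly the pairs listed in the post.
PAIRED_RULES = {
    "10_end": [("10.0.1.0/24", "192.168.1.0/24"), ("10.0.2.0/24", "192.168.2.0/24")],
    "192_end": [("192.168.1.0/24", "10.0.1.0/24"), ("192.168.2.0/24", "10.0.2.0/24")],
}
# Constructed contrast: one permissive any-to-any rule instead of the pairs.
ALLOW_ALL = {"10_end": [("0.0.0.0/0", "0.0.0.0/0")],
             "192_end": [("0.0.0.0/0", "0.0.0.0/0")]}


def verdict(end, src, dst, rules):
    """Decide one flow initiated at `end`: route lookup first, then pass rules."""
    src, dst = ip_address(src), ip_address(dst)
    if not any(dst in ip_network(r) for r in ROUTES[end]):
        return "no route"       # destination is never sent into the tunnel
    for rule_src, rule_dst in rules[end]:
        if src in ip_network(rule_src) and dst in ip_network(rule_dst):
            return "pass"
    return "default block"      # routed, but no pass rule matched


def crossways_open(rules):
    """Return local->remote subnet pairs that pass but are not an intended pair."""
    intended = {pair for pairs in PAIRED_RULES.values() for pair in pairs}
    leaks = []
    for end, nets in LOCAL.items():
        for s in nets:
            for d in ROUTES[end]:
                # Probe with the .10 host of each subnet (constructed sample hosts).
                a, b = str(ip_network(s)[10]), str(ip_network(d)[10])
                if verdict(end, a, b, rules) == "pass" and (s, d) not in intended:
                    leaks.append((s, d))
    return leaks


if __name__ == "__main__":
    print(verdict("10_end", "10.0.1.10", "192.168.2.10", PAIRED_RULES))
    print(crossways_open(ALLOW_ALL))
```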