Netgate Discussion Forum
    Help me understand OpenVPN

      naughtyusmaximus

      I just want to make sure that I am looking at the right solution to my problem.  I think I understand how this all works, but I'm not positive.

      I have:
      network A, running 192.168.0.x/24
      network B, running 192.168.1.x/24

      A and B are separated by the internet.  My goal is to have a permanent encrypted connection between the two networks, wherein I can ping any machine on network A from network B, and any from B to A.

      Would the correct approach to this problem be to set up OpenVPN as a server on network A, and as a client on network B?  Is this possible without having to use 192.168.2.x or 192.168.3.x?

        GruensFroeschli

        Yes, you can use OpenVPN to do this.
        And no to your second question. You do need another subnet to route over (192.168.x.x or any other private network like 172.16.x.x ~ 172.31.x.x or 10.x.x.x).

        If you want to do that without using another subnet, use IPsec, but then you need to have a static IP on at least one side of the tunnel.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          naughtyusmaximus

          Ok, thank you for your quick reply.  If OpenVPN requires different subnets, how does that work?  How are they assigned on the different networks?

          Currently, I have network A, with workstations 192.168.0.1 through to 192.168.0.254, and network B with 192.168.1.x - .y

          If the network is set up as so:

          192.168.0.x |----> pfSense (A) ----> WAN IP (A) <...> WAN IP (B) <---- pfSense (B) <----| 192.168.1.y

          When I set up OpenVPN between pfSense (A) and pfSense (B), where does it create the new subnets, and how are they allocated?  If I have a service running on 192.168.0.1, how can I access it from 192.168.1.x?

          **I have got a static IP to use for this, so maybe IPSEC would be a better option.

            GruensFroeschli

            The new subnet is created automatically when you define it on the OpenVPN page.
            If you don't know anything about OpenVPN, I suggest you read the pfSense docs about OpenVPN:
            http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN

              JeGr LAYER 8 Moderator

              The only subnet that's created is a "transfer net" between the two OpenVPN nodes. You can use a completely different one (10.x.x.x or 172.16.x.x), and it is only used for communication between the OpenVPN endpoints. In normal use you don't have anything to do with it; you just work as if the other side's IP range were a local one. Nothing to get worried about. There's a nice howto explaining the steps for setting it up that way. I suggest looking into it.

              Greets Grey

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
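
The addressing discussed in this thread, as an added example that is not part of any post: a small Python check that a chosen transfer net is private and does not overlap either LAN, followed by the OpenVPN `ifconfig` and `route` directives each pfSense box would end up with. The function name and the 10.0.8.0/30 transfer net are assumptions picked for illustration; the two LANs are the ones from the question.

```python
import ipaddress
from itertools import islice


def plan_site_to_site(lan_a, lan_b, transfer_net):
    """Validate the transfer net and return per-site OpenVPN directives."""
    a = ipaddress.ip_network(lan_a)
    b = ipaddress.ip_network(lan_b)
    t = ipaddress.ip_network(transfer_net)

    if a.overlaps(b):
        raise ValueError(f"LANs {a} and {b} overlap; routing between them is ambiguous")
    if not t.is_private:
        raise ValueError(f"transfer net {t} is not in a private range")
    for name, lan in (("A", a), ("B", b)):
        if t.overlaps(lan):
            # This is the case the question asks about: reusing a LAN range
            # for the tunnel itself would shadow real hosts on that LAN.
            raise ValueError(f"transfer net {t} overlaps LAN {name} ({lan})")

    # Only two addresses are needed, one per tunnel endpoint.
    endpoints = list(islice(t.hosts(), 2))
    if len(endpoints) < 2:
        raise ValueError(f"transfer net {t} has no room for two endpoints")
    ep_a, ep_b = endpoints

    # 'ifconfig <local> <remote>' addresses the tun interface;
    # 'route <network> <netmask>' sends the remote LAN into the tunnel.
    return {
        "A": [f"ifconfig {ep_a} {ep_b}",
              f"route {b.network_address} {b.netmask}"],
        "B": [f"ifconfig {ep_b} {ep_a}",
              f"route {a.network_address} {a.netmask}"],
    }


if __name__ == "__main__":
    # Constructed input: the two LANs from the thread plus an assumed transfer net.
    plan = plan_site_to_site("192.168.0.0/24", "192.168.1.0/24", "10.0.8.0/30")
    for site, lines in plan.items():
        print(f"# pfSense ({site})")
        print("\n".join(lines))
```

Hosts on either LAN keep their existing addresses; only the two tunnel endpoints ever use the transfer net.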
