Reply To: OpenVPN LAN to LAN setup

Home Page Forums Network Management Networking OpenVPN LAN to LAN setup Reply To: OpenVPN LAN to LAN setup

#46733

jt
Member

I got the LAN-to-LAN VPN working now. I didn’t get the concept of the VPN’s own IP addresses at first. Zeroshell is great, but we need more working examples in detail like this:

This is how I configured the LAN-to-LAN VPN:

Site A has one subnet, Site B has three subnets, two are VLANS.

Site A:
ETH00 is the LAN 192.168.0.0/24 IP 192.168.0.1
ETH01 is the internet gateway

VPN LAN-to-LAN
Remote host is the public IP for Site B. Port 1195 TCP, Authentication: PSK. Generated a key and pasted it into Site B, too. Gateway: Auto

VPN00 shows Connected once the Site B VPN is up. I can ping from zeroshell to 192.168.55.11 then, too.

Add IP to VPN00 192.168.55.10 mask 255.255.255.0 vlan: Native
NOTE—this is an arbitrary subnet that is only used for VLAN gateways.

Here’s the critical step to make this work:
Router –> Add a static route
Destination: 192.168.15.0 mask 255.255.255.0 Gateway: 192.168.55.11 Metric 0 NOTE–192.168.55.11 is the VPN address at Site B, not this Site A.

Added static routes for 192.168.23.0 and 192.168.80.0 the same way.

= = = = = = = =
Site B:
ETH00 is the LAN:
192.168.15.0/24 IP 192.168.15.1 this is vlan 15.
192.168.23.0/24 IP 192.168.23.0 this is vlan 23.
192.168.80.0/24 IP 192.168.80.0 non-vlan subnet.
ETH01 is the internet gateway

VPN LAN-to-LAN
Remote host is the public IP for Site A. Port 1195 TCP, Authentication: PSK. Same key as Site A. Gateway: Auto

VPN00 shows Connected once the Site A VPN is up. I can ping from zeroshell to 192.168.55.10

Add IP to VPN00 192.168.55.11 mask 255.255.255.0 vlan: Native

Router –> Add a static route
Destination: 192.168.0.0 mask 255.255.255.0 Gateway: 192.168.55.10 Metric 0 NOTE–this is the VPN address at Site A.

Remember, both ends need the static routes set up or the reply to a packet won’t come back via the VPN.