OpenVPN LAN to LAN setup


This topic contains 10 replies, has 0 voices, and was last updated by  matthew.a.squires 10 years, 5 months ago.

  • #41122

    I have been trying for months to get traffic to pass through my OpenVPN LAN to LAN connection.

    LAN-A & LAN-B

    I have a very stable connection between LAN-A & LAN-B.
    There is no IP address associated with the OpenVPN LAN-A & LAN-B connection.
    The subnets on both LANs are different subnets.
    I have set up Static Routes using “Network” and using “Host”, pointing to the VPN00 Port from LAN-A to LAN-B.
    I have turned off my Firewall.
    I am not BRIDGING, nor am I BONDING any connections.
    I NAT the ports.
    I have set up LAN-A as the server & LAN-B as Client.
    I have set up LAN-B as the server & LAN-A as Client.

    I cannot get any traffic through the OpenVPN LAN to LAN connection.
    I cannot PING anything on the other side of either network.

    May I please have detailed instructions on setting up an OpenVPN LAN to LAN connection?

    #46723

    imported_fulvio
    Participant

    Have you assigned an IP address on VPN00 interfaces of both sites? After that you can create the static routes by using those IPs as gateways. If you prefer you could enable RIP routing protocol to automatically establish the routing between the sites.
    On the VPN interfaces you must assign IPs of a new private subnet.
    Regards
    Fulvio

    #46724

    It is working; THANK YOU VERY MUCH!!!!!!

    I have another issue; when I enable RIP it is disabling my Wireless Network.
    I removed VPN99 from the RIP List and it is still disabling my Wireless.
    I have tested it 7 times and every time my wireless is being disabled.

    Is there a way to stop my Wireless from being disabled when RIP is enabled?
    What am I doing wrong?

    #46725

    imported_fulvio
    Participant

    Is Zeroshell acting as WiFi Access Point or do you have an external AP? In any case, you should check the routing table and post it both with RIPv2 enabled and with it disabled.

    Regards
    Fulvio

    #46726

    Zeroshell is my WiFi.
    When I enable RIPv2 the WiFi is disabled.
    When I create static routes using the exact same info from RIPv2, the WiFi is not disabled.

    #46727

    imported_fulvio
    Participant

    I am not able to reproduce your problem. Have you added the WiFi interface to the “RIP Enabled Interface”? That would be useless.

    Regards
    Fulvio

    #46728

    Question: From your statement, I understand that having the WiFi interface in the RIPv2 Interface may be causing the connections to drop.

    BUT—I am running two servers off of the Wireless Network and I would like to have the subnet in the RIPv2 Interface, along with all of the other wireless clients & secondary SID/Subnets

    I will test the Wireless connection with the Wireless interface removed from the RIPv2 interface.

    #46729

    I disabled the RIP and used Static Routing.
    Issue Resolved

    Thanks

    #46730

    jt
    Member

    I’ve been using the new version 11 of Zeroshell, and it’s working great.

    I still don’t understand how to configure the LAN to LAN VPN. The VPN00 tunnel is connecting, and the VPN log shows it is working, but I can’t connect to IPs on the other side. tcpdump shows VPN packets sending and receiving, too.

    Site A:
    ETH00 is 192.168.0.1/24
    ETH01 is the internet gateway

    VPN00 has addresses assigned to it:
    192.168.15.200 as VLAN 15
    192.168.23.200 as VLAN 23
    192.168.80.200
    – – – – –
    Site B:
    ETH00 has
    192.168.15.1/24 as VLAN 15
    192.168.23.1/24 as VLAN 23
    192.168.80.1/24 non vlan.
    ETH01 is the internet gateway.

    VPN00 has the address assigned to it:
    192.168.0.200

    From Site B, I can ping 192.168.0.200 , but can’t ping anything else in the 192.168.0.x subnet at Site A — “destination unreachable”. Pinging from Site B to A doesn’t work either. I don’t see any open ports over the VPN.

    If I view the route list from Site B, I see an auto route to 192.168.0.0/24 using VPN00.

    What am I missing here?

    #46731

    imported_fulvio
    Participant

    Your IP assignment is wrong. Are you sure that a bridge between ETH00 and VPN00 is not a good solution for you? Only by using bridging are you able to have the same IP subnet on both remote sites. In any case, post an image with a network diagram of what you would like to obtain.

    Regards
    Fulvio

    #46732

    jt
    Member

    Fulvio, thanks for your fast reply.

    I’ve used IPsec VPNs where the VPN setup has the public IP address of the remote site, and the subnet and mask of the remote site that will be routed via the VPN. So I tried a similar concept here–that’s why I’m confused.

    My goal is to link Site A 192.168.0.0/24 with Site B 192.168.27.0/24. For example: A client machine at Site B, 192.168.27.19 connect to a server at Site A 192.168.0.100. Or a print job from Site A would print at Site B.

    I’d like to access all the other subnets at Site B from Site A, too.

    Zeroshell is used as the internet router at both ends. ETH00 is the lan, and ETH01 is the internet gateway.

    Site B is a new building for the company and needs multiple subnets. The Zeroshell router is used to route between Site B’s subnets and connect to the internet.

    Site A is the old building and is where everyone works now. People will move to Site B a few at a time over the next few months, then we’ll shut down Site A.

    #46733

    jt
    Member

    I got the LAN-to-LAN VPN working now. I didn’t get the concept of the VPN’s own IP addresses at first. Zeroshell is great, but we need more working examples in detail like this:

    This is how I configured the LAN-to-LAN VPN:

    Site A has one subnet, Site B has three subnets, two are VLANS.

    Site A:
    ETH00 is the LAN 192.168.0.0/24 IP 192.168.0.1
    ETH01 is the internet gateway

    VPN LAN-to-LAN
    Remote host is the public IP for Site B. Port 1195 TCP, Authentication: PSK. Generated a key and pasted it into Site B, too. Gateway: Auto

    VPN00 shows Connected once the Site B VPN is up. I can ping from zeroshell to 192.168.55.11 then, too.

    Add IP to VPN00 192.168.55.10 mask 255.255.255.0 vlan: Native
    NOTE—this is an arbitrary subnet that is only used for VLAN gateways.

    Here’s the critical step to make this work:
    Router –> Add a static route
    Destination: 192.168.15.0 mask 255.255.255.0 Gateway: 192.168.55.11 Metric 0 NOTE–192.168.55.11 is the VPN address at Site B, not this Site A.

    Added static routes for 192.168.23.0 and 192.168.80.0 the same way.

    = = = = = = = =
    Site B:
    ETH00 is the LAN:
    192.168.15.0/24 IP 192.168.15.1 this is vlan 15.
    192.168.23.0/24 IP 192.168.23.0 this is vlan 23.
    192.168.80.0/24 IP 192.168.80.0 non-vlan subnet.
    ETH01 is the internet gateway

    VPN LAN-to-LAN
    Remote host is the public IP for Site A. Port 1195 TCP, Authentication: PSK. Same key as Site A. Gateway: Auto

    VPN00 shows Connected once the Site A VPN is up. I can ping from zeroshell to 192.168.55.10

    Add IP to VPN00 192.168.55.11 mask 255.255.255.0 vlan: Native

    Router –> Add a static route
    Destination: 192.168.0.0 mask 255.255.255.0 Gateway: 192.168.55.10 Metric 0 NOTE–this is the VPN address at Site A.

    Remember, both ends need the static routes set up or the reply to a packet won’t come back via the VPN.
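
Added example, not part of the thread and not Zeroshell code: a small Python check that models the two addressing plans posted above and reports the two mistakes the thread runs into, a VPN00 address placed inside the other site's LAN subnet and a missing static route on one end. The `site`, `check` and `audit` helpers are hypothetical names, and the /24 masks on the first attempt's VPN00 addresses are an assumption since that post does not state them.

```python
import ipaddress as ip

def site(lan, vpn, routes):
    """lan/vpn: interface addresses 'a.b.c.d/len'; routes: {destination: gateway}."""
    return {"lan": [ip.ip_interface(a) for a in lan],
            "vpn": [ip.ip_interface(a) for a in vpn],
            "routes": {ip.ip_network(d): ip.ip_address(g) for d, g in routes.items()}}

def check(name, local, peer):
    """Findings for traffic leaving `local` toward the LANs behind `peer`."""
    findings = []
    peer_lans = {i.network for i in peer["lan"]}
    peer_vpn_ips = {i.ip for i in peer["vpn"]}
    # Tunnel addresses must not sit inside a subnet that is a LAN at the other site.
    for i in local["vpn"]:
        if i.network in peer_lans:
            findings.append(f"{name}: VPN00 address {i} is inside peer LAN {i.network}")
    # Each peer LAN needs a static route whose gateway is the peer's VPN00 address.
    for net in sorted(peer_lans):
        gw = local["routes"].get(net)
        if gw is None:
            findings.append(f"{name}: no static route to {net}")
        elif gw not in peer_vpn_ips:
            findings.append(f"{name}: route to {net} via {gw}, not the peer's VPN00 address")
    return findings

def audit(a, b):
    return check("Site A", a, b) + check("Site B", b, a)

# Site B host addresses .1 are taken from jt's first post; /24 on VPN00 there is assumed.
B_LAN = ["192.168.15.1/24", "192.168.23.1/24", "192.168.80.1/24"]
FIRST_A = site(["192.168.0.1/24"],
               ["192.168.15.200/24", "192.168.23.200/24", "192.168.80.200/24"], {})
FIRST_B = site(B_LAN, ["192.168.0.200/24"], {})
FINAL_A = site(["192.168.0.1/24"], ["192.168.55.10/24"],
               {n: "192.168.55.11" for n in
                ("192.168.15.0/24", "192.168.23.0/24", "192.168.80.0/24")})
FINAL_B = site(B_LAN, ["192.168.55.11/24"], {"192.168.0.0/24": "192.168.55.10"})
ONE_SIDED_B = site(B_LAN, ["192.168.55.11/24"], {})  # Site B route forgotten

if __name__ == "__main__":
    for label, a, b in (("first attempt", FIRST_A, FIRST_B),
                        ("final config", FINAL_A, FINAL_B),
                        ("routes on Site A only", FINAL_A, ONE_SIDED_B)):
        print(label, audit(a, b) or "OK", sep=": ")
```
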
