I have uploaded the diagram here: - https://drive.google.com/file/d/0B6KoYLOFynuUcTVIc2tBdUl1RVk/view?usp=sharing
The goal is to allow our "Road Warrior" access to NAS-2 device located at Site B. Under current configuration, the Road Warrior can successfully access NAS-1 thus proving the fact that we have all necessary routes correctly added for Site A. We somehow need to replicate this to Site B.

Further, I am including below a relevant snippet from Road Warrior's OpenVPN log file that shows "PUSH" options. Happy to provide additional information as necessary.

......
......
Sat Mar 26 01:13:08 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
......
......

(PS: I know about the potential issues with 192.168.1.0 subnet. That is a separate discussion. Sigh.)

-----Original Message-----
From: Sumit Dahiya [mailto:sumit.dah...@eistech.com]
Sent: Monday, March 28, 2016 3:38 PM
To: 'openvpn-users@lists.sourceforge.net'
Subject: RE: [Openvpn-users] Site-to-site: VPN'd into one Site

You are right, our current site-to-site setup does not use OpenVPN. Instead, it uses router's built-in functionality. Couple of additional facts based on your comments: -

1. Our OpenVPN does not run on the router - it runs on a dedicated VPN server behind the router.
2. We have successfully added additional routes so router can see the VPN network and everything works great at Site A.
3. We already use --redirect-gateway in OpenVPN server's config file.
4. I will draw up a diagram and share it soon.

Thanks.

-----Original Message-----
From: /dev/rob0 [mailto:r...@gmx.co.uk]
Sent: Monday, March 28, 2016 3:27 PM
To: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Site-to-site: VPN'd into one Site

On Mon, Mar 28, 2016 at 03:09:20PM -0400, Sumit Dahiya wrote:
> Our organization has two work sites (called A and B) that have
> successfully communicated over a site-to-site connection for several
> years. This site-to-site has been configured using our
> router/firewalls’ built-in features.

Does that mean it is not openvpn? I suppose it does.

> Last week, we implemented OpenVPN at site A and got it working
> correctly. Our traveling staff can now remotely access private
> resources/servers located at Site A using OpenVPN. However, all
> private servers located at Site B still remain inaccessible. It
> appears as if OpenVPN cannot “see” them even though they can be
> accessed just fine from Site A.
>
> I believe the problem is that we have not yet configured any routing
> rule(s) in Site B’s router/firewall.

Close, maybe. What routes did you push to the clients? If you intend for them to access Site B through Site A's OpenVPN server, they must have the routes to do that.

> Has anyone here successfully configured above situation? If yes, could
> you please share how you setup your Site B’s router/firewall?

Things are easiest when openvpn runs on the router. When openvpn is behind a router, more routes are needed. The routers need to know how to reach the VPN networks. Clients need to know what networks they can get behind the server.

Also, --redirect-gateway changes a lot of this, so you really can't get a useful answer without sharing what you have done with your configuration. You might also include a diagram (ASCII inline, or an image via an image sharing service or other HTTP link) to show what networks you have and what you'd like clients to "see".
-- 
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
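
Added example, not part of any message in this thread: a small Python check that answers the "What routes did you push to the clients?" question from the PUSH_REPLY log line quoted above. The function names and the three test addresses are assumptions made for illustration; the NAS addresses are not given in the thread.

```python
import ipaddress
import re

# Log line copied from the thread above.
LOG_LINE = ("Sat Mar 26 01:13:08 2016 PUSH: Received control message: "
            "'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0,"
            "redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.8.0.1,"
            "topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'")


def parse_push_reply(line):
    """Return (routes, redirect_gateway) from a client-side PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY control message in line")
    routes, redirect = [], False
    for option in m.group(1).split(","):
        words = option.split()
        if not words:
            continue
        if words[0] == "route" and len(words) >= 2:
            # OpenVPN treats a route without a netmask as a host route (/32).
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
        elif words[0] == "redirect-gateway":
            redirect = True
    return routes, redirect


def how_reached(address, routes, redirect):
    """Say which pushed option makes the client send `address` into the tunnel."""
    ip = ipaddress.ip_address(address)
    matches = [net for net in routes if ip in net]
    if matches:
        # Longest prefix wins, as in the client's routing table.
        return f"route {max(matches, key=lambda n: n.prefixlen)}"
    return "redirect-gateway" if redirect else "not sent through the VPN"


if __name__ == "__main__":
    routes, redirect = parse_push_reply(LOG_LINE)
    # Constructed sample addresses; substitute the real NAS-1 / NAS-2 addresses.
    for addr in ("192.168.1.50", "192.168.2.50", "172.16.5.10"):
        print(addr, "->", how_reached(addr, routes, redirect))
```

This only shows what the client will send into the tunnel. Whether the routers at each site know how to reach the VPN network, the other half of the reply above, has to be checked on the routers themselves.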