EFW Support
Topic: EFW2.5.1 OpenVPN 3 sites connection (Read 24024 times)
tim_fatter (Jr. Member, Posts: 4)
EFW2.5.1 OpenVPN 3 sites connection
« on: Tuesday 27 March 2012, 11:00:15 pm »
Hi all,
I'm trying to connect 3 sites with OpenVPN and want to make them communicate with each other.
I have site A as VPN server; sites B and C connect to A using Gw2Gw.
Now I can successfully configure individual communication for A<->B and A<->C, but I don't know how to configure the B<->C, as they are both "client" to site A.
I tried on site A to configure the VPN firewall rule set as
efw02 -> efw03
and
efw03 -> efw02
where efw02 is the user for site B and efw03 is the user for site C.
But this is not going to work.
Is there anyone out there who can provide a suggestion?
Thank you!
mrkroket (Hero Member, Posts: 495)
Re: EFW2.5.1 OpenVPN 3 sites connection
« Reply #1 on: Wednesday 28 March 2012, 03:10:10 am »
There are two options:
Create another VPN tunnel to directly connect B<->C. It will be faster than routing through A, and simpler. But you need a static IP on either B or C (or use DynDNS). No matter if B or C are OpenVPN clients of A, they can be Servers too.
The second option is to properly configure the tunnels.
1-Push subnets to each client. i.e. To B push subnet from A & C. To C push subnets from A & B.
2-On OpenVPN server, make sure that "Don't block traffic between clients:" option is marked. Otherwise it will block traffic between clients.
3-Configure correctly your VPN Firewall. Do not disable it, configure it properly. The simplest option is an allow all rule. Log the traffic for debug purposes.
Start doing traceroutes, first from firewalls and then from final clients. Make sure traceroutes never go via internet, they shouldn't.
I found it a bit complex to achieve a mesh VPN on OpenVPN, but it can be done.
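The three steps of the second option in Reply #1, written as stock OpenVPN directives for a hub at site A. This is an added example, not part of the original posts and not the configuration Endian generates from its GUI. The subnets, the tunnel network and the `ccd` path are assumptions, and it assumes the per-client file name matches each client's common name (`efw02` and `efw03` are the site B and site C users named in the thread).

```conf
# ===== server.conf on site A (constructed example) =====
# Assumed LANs: A = 192.168.1.0/24, B = 192.168.2.0/24, C = 192.168.3.0/24
dev tun
topology subnet
server 10.8.0.0 255.255.255.0          # assumed tunnel network

# Kernel routes on A: B's and C's LANs are reached through the tunnel
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0

# Per-client settings; each file is named after the client's common name
client-config-dir /etc/openvpn/ccd     # assumed path

# Two ways to carry B<->C traffic through A:
#  (a) client-to-client: OpenVPN forwards between clients internally.
#      Those packets never reach A's kernel, so A's firewall rules can
#      neither filter nor log them.
#  (b) leave it disabled (as here): B<->C packets come out of the tun
#      interface, are forwarded by A's kernel (IP forwarding must be on)
#      and pass A's firewall rules, where they can be restricted and logged.
;client-to-client

# ===== /etc/openvpn/ccd/efw02 (site B) =====
# Tell OpenVPN that B's LAN sits behind this client
iroute 192.168.2.0 255.255.255.0
# Push the other two sites' LANs to B
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"

# ===== /etc/openvpn/ccd/efw03 (site C) =====
iroute 192.168.3.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
```

Each `iroute` needs the matching `route` in the server file; without the pair, packets for a remote LAN are dropped at A even though the tunnel itself is up.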
tim_fatter (Jr. Member, Posts: 4)
Re: EFW2.5.1 OpenVPN 3 sites connection
« Reply #2 on: Thursday 29 March 2012, 01:28:11 pm »
Hi Kroket,
Actually I chose the 2nd option; I did the following:
1. Marked the "Don't block traffic between clients" option;
2. On each client (both B & C) I set up a very generic ruleset like:
vpnuser <-> GREEN + OPENVPN
3. On the VPN server I set up a VPN ruleset like vpnuserB <-> vpnuserC
After all those settings, the connection between A & B and A & C can still work, but B & C can NOT work either.
But if I set up the vpnuser (B/C) property on A with the "push these networks only" block, the traffic will be blocked. There was a note under "push these networks only" saying "If this box is empty routes to each of the networks of the other clients will be pushed to this client whenever it connects". I think it means if I leave this blank, the routes between clients' networks will be automatically connected between B & C in my case, right?
Rgds,
Tim
laythingy59 (Full Member, Posts: 40)
Re: EFW2.5.1 OpenVPN 3 sites connection
« Reply #3 on: Thursday 26 April 2012, 06:41:45 pm »
I'm doing exactly the same thing re the 3 offices. I have services scattered about, which isn't ideal for me but it suits the users.
I used this option yesterday:
"Create another VPN tunnel to directly connect B<->C. It will be faster than routing through A, and simpler. But you need a static IP on either B or C (or use DynDNS). No matter if B or C are OpenVPN clients of A, they can be Servers too."
kroket, with the second option, do you not need to do the above anyway?
I've not configured the push subnets option yet, but the VPN firewall rule and "don't block traffic" are in place.
Traceroutes are successful so it seems to be working, but is it efficient?
Thanks
Adam