Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 02 November 2024, 03:34:03 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  EFW2.5.1 OpenVPN 3 sites connection
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW2.5.1 OpenVPN 3 sites connection  (Read 21491 times)
tim_fatter
Jr. Member
*
Offline Offline

Posts: 4


« on: Tuesday 27 March 2012, 11:00:15 pm »

Hi all,
I'm trying to connect 3 sites with OpenVPN and want to make them communicate with each other.
I have site A as vpn server, sites B and C connets to A using Gw2Gw.
Now I can successfully configure individual communication for A<->B and A<->C, but I don't know how to configure the B<->C, as they are both "client" to site A.
I tried on site A to configure the VPN firewall rule set as
efw02 -> efw03
and
efw03 -> efw02
where efw02 is the user for site B and efw03 is the user for site C.
but this not gonna work.
Is there anyone out there who can provide suggestion?
Thank you!
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Wednesday 28 March 2012, 03:10:10 am »

There are two options:
Create another VPN tunnel to directly connect B<->C. It will be faster than routing through A, and simplier. But you need an static IP on either B or C (or use DynDNS). No matter if B or C are OpenVPN clients of A, they can be Servers too.

The second option is to properly configure the tunnels.
 1-Push subnets to each client. i.e. To B push subnet from A & C. To C push subnets from A & B.
 2-On OpenVPN server, make sure that "Don't block traffic between clients:" option is marked. Otherwise it will block traffic between clients.
 3-Configure correctly your VPN Firewall. Do not disable it, configure it properly. The simplest option is an allow all rule. Log the traffic for debug purposes.
Start doing traceroutes, first from firewalls and then from final clients. Make sure traceroutes never go via internet, they shouldn't.
 I found out a bit complex to achieve a mesh VPN on OpenVPN, but can be done.
Logged
tim_fatter
Jr. Member
*
Offline Offline

Posts: 4


« Reply #2 on: Thursday 29 March 2012, 01:28:11 pm »

Hi Kroket,
Actually I choosed the 2nd option, I did like the following
1. Marked the "Don't block traffic between clients;
2. On each client(both B & C) I setup a very generic ruleset like:
         vpnuser <-> GREEN + OPENVPN
3. On vpnserver I setup vpn ruleset like vpnuserB <-> vpnuserC
after all those settings, the connection between A & B and A & C still can work, but B & C can NOT work also.
but if I setup for vnpuser(B/C) property on A with "push these networks only" block, the trafic will be blocked, there was a note under the "push these networks only" saying "If this box is empty routes to each of the networks of the other clients will be pushed to this client whenever it connects", I think it means if I leave this blank, the routes between clients' network will be automatically connected between B & C in my case, right?

Rgds,
Tim
Logged
laythingy59
Full Member
***
Offline Offline

Posts: 40


« Reply #3 on: Thursday 26 April 2012, 06:41:45 pm »

Im doing exactly the same thing re the 3 offices. I have services scattered about which isn't ideal for me but it suits the users.

I used this option yesterday
"Create another VPN tunnel to directly connect B<->C. It will be faster than routing through A, and simplier. But you need an static IP on either B or C (or use DynDNS). No matter if B or C are OpenVPN clients of A, they can be Servers too."

kroket, With the second option, do you not need to do the above anyway??
I've not configured the push subnets option yet, but the vpn firewall rule and don't block traffic is in place.

Trace Routes are successful so its seems to be working, but is it efficient.

Thanks

Adam
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com