OpenVPN LAN to LAN setup
August 4, 2008 at 6:15 pm #41122
matthew.a.squires
Member
I have been trying for months to get traffic to pass through my OpenVPN LAN to LAN connection.
LAN-A & LAN-B
I have a very stable connection between LAN-A & LAN-B.
There is no IP address associated with the OpenVPN LAN-A & LAN-B connection.
The subnets on both LANs are different subnets.
I have set up Static Routes using “Network” and using “Host”, pointing to the VPN00 Port from LAN-A to LAN-B.
I have turned off my Firewall.
I am not BRIDGING, nor am I BONDING any connections.
I NAT the ports.
I have set up LAN-A as the server & LAN-B as Client.
I have set up LAN-B as the server & LAN-A as Client.
I cannot get any traffic through the OpenVPN LAN to LAN connection.
I cannot PING anything on the other side of either network.
May I please have detailed instructions on setting up an OpenVPN LAN to LAN connection?
August 4, 2008 at 8:20 pm #46723
imported_fulvio
Participant
Have you assigned an IP address on the VPN00 interfaces of both sites? After that you can create the static routes by using those IPs as gateways. If you prefer you could enable the RIP routing protocol to automatically establish the routing between the sites.
On the VPN interfaces you must assign IPs of a new private subnet.
Regards
Fulvio
August 5, 2008 at 12:57 am #46724
matthew.a.squires
Member
It is working; THANK YOU VERY MUCH!!!!!!
I have another issue; when I enable RIP it is disabling my Wireless Network.
I removed VPN99 from the RIP List and it is still disabling my Wireless.
I have tested it 7 times and every time my wireless is being disabled.
Is there a way to stop my Wireless from being disabled when RIP is enabled?
What am I doing wrong?
August 5, 2008 at 7:41 am #46725
imported_fulvio
Participant
Is Zeroshell acting as WiFi Access Point or do you have an external AP? In any case you should check the routing table and post it, both with RIPv2 enabled and with it disabled.
Regards
Fulvio
August 6, 2008 at 2:48 am #46726
matthew.a.squires
Member
Zeroshell is my WiFi.
When I enable RIPv2 the WiFi is disabled.
When I create static Routes using the exact same info from RIPv2, the WiFi is not disabled.
August 6, 2008 at 7:51 am #46727
imported_fulvio
Participant
I am not able to reproduce your problem. Have you added the WiFi interface to the “RIP Enabled Interface”? That would be useless.
Regards
Fulvio
August 6, 2008 at 5:34 pm #46728
matthew.a.squires
Member
Question: From your statement, I understand that having the WiFi interface in the RIPv2 Interface may be causing the connections to drop.
BUT—I am running two servers off of the Wireless Network and I would like to have the subnet in the RIPv2 Interface, along with all of the other wireless clients & secondary SID/Subnets.
I will test the Wireless connection with the Wireless interface removed from the RIPv2 interface.
August 27, 2008 at 2:50 pm #46729matthew.a.squires
Member
I disabled the RIP and used Static Routing.
Issue Resolved
Thanks
October 26, 2008 at 1:15 am #46730jt
Member
I’ve been using the new version 11 of Zeroshell, and it’s working great.
I still don’t understand how to configure the LAN to LAN VPN. The VPN00 tunnel is connecting, and the VPN log shows it is working, but I can’t connect to IPs on the other side. tcpdump shows VPN packets sending and receiving, too.
Site A:
ETH00 is 192.168.0.1/24
ETH01 is the internet gateway
VPN00 has addresses assigned to it:
192.168.15.200 as VLAN 15
192.168.23.200 as VLAN 23
192.168.80.200
– – – – –
Site B:
ETH00 has
192.168.15.1/24 as VLAN 15
192.168.23.1/24 as VLAN 23
192.168.80.1/24 non vlan.
ETH01 is the internet gateway.
VPN00 has the address assigned to it:
192.168.0.200
From Site B, I can ping 192.168.0.200, but can’t ping anything else in the 192.168.0.x subnet at Site A — “destination unreachable”. Pinging from Site B to A doesn’t work either. I don’t see any open ports over the VPN.
If I view the route list from Site B, I see an auto route to 192.168.0.0/24 using VPN00.
What am I missing here?
October 26, 2008 at 8:08 am #46731imported_fulvio
Participant
Your IP assignment is wrong. Are you sure that a bridge between ETH00 and VPN00 is not a good solution for you? Only by using bridging are you able to have the same IP subnet on both remote sites. In any case, post an image with a network diagram of what you would like to obtain.
Regards
Fulvio
October 26, 2008 at 11:32 am #46732
jt
Member
Fulvio, thanks for your fast reply.
I’ve used IPsec VPNs where the VPN setup has the public IP address of the remote site, and the subnet and mask of the remote site that will be routed via the VPN. So I tried a similar concept here–that’s why I’m confused.
My goal is to link Site A 192.168.0.0/24 with Site B 192.168.27.0/24. For example: a client machine at Site B, 192.168.27.19, connects to a server at Site A, 192.168.0.100. Or a print job from Site A would print at Site B.
I’d like to access all the other subnets at Site B from Site A, too.
Zeroshell is used as the internet router at both ends. ETH00 is the lan, and ETH01 is the internet gateway.
Site B is a new building for the company and needs multiple subnets. The Zeroshell router is used to route between Site B’s subnets and connect to the internet.
Site A is the old building and is where everyone works now. People will move to Site B a few at a time over the next few months, then we’ll shut down Site A.
October 27, 2008 at 7:32 pm #46733jt
Member
I got the LAN-to-LAN VPN working now. I didn’t get the concept of the VPN’s own IP addresses at first. Zeroshell is great, but we need more working examples in detail like this:
This is how I configured the LAN-to-LAN VPN:
Site A has one subnet, Site B has three subnets, two are VLANS.
Site A:
ETH00 is the LAN 192.168.0.0/24 IP 192.168.0.1
ETH01 is the internet gateway
VPN LAN-to-LAN
Remote host is the public IP for Site B. Port 1195 TCP, Authentication: PSK. Generated a key and pasted it into Site B, too. Gateway: Auto
VPN00 shows Connected once the Site B VPN is up. I can ping from zeroshell to 192.168.55.11 then, too.
Add IP to VPN00 192.168.55.10 mask 255.255.255.0 vlan: Native
NOTE—this is an arbitrary subnet that is only used for VLAN gateways.
Here’s the critical step to make this work:
Router –> Add a static route
Destination: 192.168.15.0 mask 255.255.255.0 Gateway: 192.168.55.11 Metric 0
NOTE–192.168.55.11 is the VPN address at Site B, not this Site A.
Added static routes for 192.168.23.0 and 192.168.80.0 the same way.
= = = = = = = =
Site B:
ETH00 is the LAN:
192.168.15.0/24 IP 192.168.15.1 this is vlan 15.
192.168.23.0/24 IP 192.168.23.0 this is vlan 23.
192.168.80.0/24 IP 192.168.80.0 non-vlan subnet.
ETH01 is the internet gateway
VPN LAN-to-LAN
Remote host is the public IP for Site A. Port 1195 TCP, Authentication: PSK. Same key as Site A. Gateway: Auto
VPN00 shows Connected once the Site A VPN is up. I can ping from zeroshell to 192.168.55.10
Add IP to VPN00 192.168.55.11 mask 255.255.255.0 vlan: Native
Router –> Add a static route
Destination: 192.168.0.0 mask 255.255.255.0 Gateway: 192.168.55.10 Metric 0
NOTE–this is the VPN address at Site A.
Remember, both ends need the static routes set up or the reply to a packet won’t come back via the VPN.
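
The two points the thread converges on (the VPN00 addresses must come from a new subnet, and both ends need static routes so the reply returns through the tunnel) can be checked with a small route-lookup model. This is an added example, not part of the original posts and not Zeroshell code; the addresses are the ones from the final working setup, while the default route labelled `internet` (standing in for ETH01) and the host 192.168.15.20 are assumptions made for the demonstration.

```python
import ipaddress

# Values from the thread's final working setup. The default route via
# "internet" (ETH01) and the host 192.168.15.20 are assumptions for the demo.
TUN_A, TUN_B = "192.168.55.10", "192.168.55.11"
LANS_A = ["192.168.0.0/24"]
LANS_B = ["192.168.15.0/24", "192.168.23.0/24", "192.168.80.0/24"]

def build_table(local_lans, remote_lans, peer_tunnel_ip, with_static=True):
    """Connected routes, a default route, and optionally static routes via the peer."""
    table = [(net, "direct") for net in local_lans + ["192.168.55.0/24"]]
    table.append(("0.0.0.0/0", "internet"))
    if with_static:
        table += [(net, peer_tunnel_ip) for net in remote_lans]
    return table

def next_hop(table, dst):
    """Longest-prefix match, as a router does it."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def round_trip(table_a, table_b, host_a, host_b):
    """Request A->B and reply B->A must both be sent to the peer's tunnel IP."""
    return (next_hop(table_a, host_b) == TUN_B and
            next_hop(table_b, host_a) == TUN_A)

def tunnel_ip_conflicts(tunnel_ip, lans):
    """True if a VPN00 address sits inside a LAN subnet instead of a new subnet."""
    ip = ipaddress.ip_address(tunnel_ip)
    return any(ip in ipaddress.ip_network(n) for n in lans)

if __name__ == "__main__":
    a = build_table(LANS_A, LANS_B, TUN_B)
    b_ok = build_table(LANS_B, LANS_A, TUN_A)
    b_missing = build_table(LANS_B, LANS_A, TUN_A, with_static=False)
    print("both static routes:", round_trip(a, b_ok, "192.168.0.100", "192.168.15.20"))
    print("Site B route missing:", round_trip(a, b_missing, "192.168.0.100", "192.168.15.20"))
    print("reply leaves via:", next_hop(b_missing, "192.168.0.100"))
    print("192.168.15.200 on VPN00 conflicts:",
          tunnel_ip_conflicts("192.168.15.200", LANS_A + LANS_B))
```

With the Site B static route missing, the reply to 192.168.0.100 matches only the default route and leaves through the internet gateway instead of VPN00, which is the one-way failure described in the last post.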