Open vpn tunnel site2site

Vitor_Hugo_Barbosa · November 6, 2020, 11:12pm

Achieved the openvpn warrior at the school nethserver finally (another nethserver success), that I have installed without ip pass-through Swisscom workaround… Flawless Vitory (ahhhh), I have started the tests for site2site openvpn, but I am not yet achieved the results… In both nethservers sites (I activate openvpn tunnel servers my home to school), both says connected and activated. But when I try to access a local ip network from home to school, I cannot access none of them even the school nethserver ip… to do so I charge my openvpn roadwarrior client profile to make changes on site b (school) … I will provide the logs and photos guys… Thank you nethserver family

Andy_Wismer · November 6, 2020, 11:48pm

@Vitor_Hugo_Barbosa

Salut Vitor

Not from NethServer, but still may help conceptionally…

(My Home OPNsense)

Firewall rule for OpenVPN:

Bildschirmfoto 2020-11-07 um 00.45.322872×1460 315 KB
OpenVPN “Servers” configuration:

Bildschirmfoto 2020-11-07 um 00.45.122402×546 93 KB
Dashboard view (My Macbook connected right now)

Bildschirmfoto 2020-11-07 um 00.49.531152×518 67.1 KB

Note that I always use for the OpenVPN network 10.99.XX.0/24, where XX is the same in the LAN third Octet. Example LAN = 192.168.31.x, the OpenVPN will use 10.99.31.x…

Mes deux centimes
Andy

Vitor_Hugo_Barbosa · November 6, 2020, 11:52pm

Hummm much more easier on opnsense aka pfsense fork than nethserver

Andy_Wismer · November 6, 2020, 11:53pm

And a lot more options…

Andy_Wismer · November 6, 2020, 11:55pm

And: If you’re fixing your NethServer - or Proxmox due to a fried new SSD, you still have Internet to read about fixing here on this forum!

Andy_Wismer · November 6, 2020, 11:56pm

Security wise also top, if you want or need 2FA, also there…

Vitor_Hugo_Barbosa · November 6, 2020, 11:58pm

I will show you my configuration 2 sites

192.168.2.0/24 home

192.168.177. 0/24 school

Both connected but something missing

I didn’t make an routing rule yet on school nethserver… Don’t know if will help… Bref… Misses something

Andy_Wismer · November 7, 2020, 12:04am

If OPNsense is the main firewall, no routing entry is needed on either site, OPNsense handles the routing automatically - and correctly!

I’ve also connected OPNsense <-> Nethserver, using OpenVPN and IPsec. Both work well…

Andy_Wismer · November 7, 2020, 12:08am

is your school nethserver the primary gateway / firewall there?

Vitor_Hugo_Barbosa · November 7, 2020, 12:08am

So the secret is into the firewall… I have already forwarded into the firewall from nethserver to lan in both sides, services openvpn, ivpn… All but tweek firewalls needed it means and also trusted networks also both sides maybe… Headache

Vitor_Hugo_Barbosa · November 7, 2020, 12:08am

Both sides as gateway openvpn tunnel servers with secret shared key switched confs respectively of course…

On my nethserver logs on I have on openvpn site2site reset by peer

Andy_Wismer · November 7, 2020, 12:11am

I use Nethserver a very lot, but i still prefer my OPNsense firewall!

It’s only job is protecting the network, acting as firewall, dhcp, dns and NTP & VPN server. And all this it does excellently!

Can NethServer do something like this for NTP?

You can, but it needs a lot of handy-work on CLI…

Mes deux centimes
Andy

Vitor_Hugo_Barbosa · November 7, 2020, 12:16am

I will keep fighting thanks Andy

Have a great evening

Andy_Wismer · November 7, 2020, 12:16am

You too!