I’m taking my first steps with this awesome project and I could use some advice.
I’m trying to link to remote locations with OpenVPN, so far I managed to have NethServer at the “branch office” connected to a NethServer at the “Central office”, and also a Terminal at the Branch office accessing the Central NethServer.
What I couldn’t get going is accessing additional resources at the Central Office.
I have read several NethServer and OpenVPN docs but had no luck so far…
These are the details:
Central Office
NethS 6.6 running on a VM
UDP 1194 and GRE forwarded to the VM (successfully as I can connect to it from Branch)
Two additional Windows servers that I need to access, one for folder the other for MSSQL
IP address 192.168.0.3 mask 255.255.255.0
LAN’s gateway is 192.168.0.1
Mode: Router / VPN Network 10.0.0.0 / VPN user declared as “vpnlink, 192.168.1.0 mask 255.255.255.0”
Branch Office
NethS 6.6 running on metal
IP is 192.168.1.3 mask 255.255.255.0
LAN’s gateway is 192.168.1.1
Only “OpenVPN Client” activated, using certificate (successfully configured as it automatically connects to Central Office)
At both ends I have created Static Routes as I understood from my readings, but I have a hunch that here is where I am making some mistake…
I can ping from Branch NethServer to the Central one, and adding a rule I can also ping from a Branch terminal to the Central NethServer.
But I cannot ping or browse additional servers at the Central Office from either device at the Branch office.
Hi,
I should have mentioned that both instances have only one network card, I intend to add a second one to the one at the Branch office but I didn’t get it yet because of time constraints.
That looks quite similar to my current setup, let me ask you a couple of details:
I see “Office” is declared with its IP address, and not its network, so in my case that should be 192.168.1.3, right?
Is that so even when neither of my NethServers acts as the network gateway?
Should I remove the static routes I created? IIRC creating them did not make any difference to begin with, so it looks like they are not needed… (maybe they are implicit in the VPN creation)
That is pretty much like my current configuration, but I still can't connect to anything other than the OpenVPN server.
Only that my VPN servers are NOT my gateways at either location.
This is a trace from my “Branch Office” NethS to my “Central Office” NethS:
traceroute to 192.168.0.102 (192.168.0.102), 30 hops max, 60 byte packets
1 10.0.2.1 (10.0.2.1) 1267.494 ms 1267.489 ms 1267.536 ms
2 * * *
[…]
30 * * *
(For some reason I had to change the virtual network from 10.0.0.0 to 10.0.2.0, please ignore that mismatch with my original post)
The trace gets stuck at the virtual network, I'm thinking it is a routing problem.
A trace to the “Central office” VPN server returns this:
Traceroute to 192.168.0.4 (192.168.0.4), 30 hops max, 60 byte packets
1 192.168.0.4 (192.168.0.4) 24.546 ms 24.534 ms 31.795 ms
I've been working with it for a while and made no further progress… Could I be missing any firewall rules even though I don't think I have activated the firewall modules?
If your NS is not the default GW in the network, you should add static routes like
on a Linux PC:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.1
on a Win PC:
route add 192.168.0.0/24 192.168.1.1
or push this route by your default GW to client PC
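
Why the trace stops after the first VPN hop when the NethServer is not the LAN's default gateway, as an added example that is not part of any post in this thread: a longest-prefix route lookup that follows a reply from the Central Office host 192.168.0.102 back towards the branch, before and after static routes are added on that host. The routing table contents, the name `isp-uplink` and the branch addresses 192.168.1.50 and 10.0.2.6 are constructed assumptions; only 192.168.0.102, 192.168.0.1, 192.168.0.4 and the networks come from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def reply_path(tables, start, dst, max_hops=8):
    """Follow a reply from `start` towards `dst`; return (hops, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop in ("on-link", "tunnel"):
            return path, hop
        path.append(hop)
        if hop not in tables:          # handed to a device outside this model
            return path, "leaves site"
        node = hop
    return path, "loop"

def add_routes(tables, node, extra):
    """Return a copy of `tables` with extra static routes on one node."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed[node] += extra
    return fixed

# Constructed Central Office tables (addresses from the thread, contents assumed)
LAN_HOST, LAN_GW, NETHSERVER = "192.168.0.102", "192.168.0.1", "192.168.0.4"
BRANCH_PC, BRANCH_VPN_IP = "192.168.1.50", "10.0.2.6"   # constructed addresses
TABLES = {
    LAN_HOST:   [("192.168.0.0/24", "on-link"), ("0.0.0.0/0", LAN_GW)],
    LAN_GW:     [("192.168.0.0/24", "on-link"), ("0.0.0.0/0", "isp-uplink")],
    NETHSERVER: [("192.168.0.0/24", "on-link"), ("192.168.1.0/24", "tunnel"),
                 ("10.0.2.0/24", "tunnel"), ("0.0.0.0/0", LAN_GW)],
}
VPN_ROUTES = [("192.168.1.0/24", NETHSERVER), ("10.0.2.0/24", NETHSERVER)]

if __name__ == "__main__":
    fixed = add_routes(TABLES, LAN_HOST, VPN_ROUTES)
    for dst in (BRANCH_PC, BRANCH_VPN_IP):
        print(dst, "before:", reply_path(TABLES, LAN_HOST, dst))
        print(dst, "after: ", reply_path(fixed, LAN_HOST, dst))
```

The 10.0.2.0/24 entry matters because traffic originated by the branch NethServer itself carries its tunnel address as source, so replies to that network need the same next hop as replies to 192.168.1.0/24.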