VPN - Accessing additional network servers and resources


(MadOp) #1

Hi there,

I’m taking my first steps with this awesome project and I could use some advice.

I’m trying to link to remote locations with OpenVPN, so far I managed to have NethServer at the “branch office” connected to a NethServer at the “Central office”, and also a Terminal at the Branch office accessing the Central NethServer.

What I couldn’t get going is accessing additional resources at the Central Office.

I have read several NethServer and OpenVPN docs but had no luck so far…

These are the details:

  • Central Office
    • NethS 6.6 running on a VM
    • UDP 1194 and GRE forwarded to the VM (successfully, as I can connect to it from Branch)
    • Two additional Windows servers that I need to access, one for folders, the other for MSSQL
    • IP address 192.168.0.3 mask 255.255.255.0
    • LAN’s gateway is 192.168.0.1
    • Mode: Router / VPN Network 10.0.0.0 / VPN user declared as “vpnlink, 192.168.1.0 mask 255.255.255.0”
  • Branch Office
    • NethS 6.6 running on metal
    • IP is 192.168.1.3 mask 255.255.255.0
    • LAN’s gateway is 192.168.1.1
    • Only “OpenVPN Client” activated, using a certificate (successfully configured, as it automatically connects to Central Office)

At both ends I have created Static Routes as I understood from my readings, but I have a hunch that here is where I am making some mistake…

  • Central
    Network 192.168.1.0 / mask 255.255.255.0 / router 192.168.0.3
    Network 10.0.0.0 / mask 255.255.255.0 / router 192.168.0.3

  • Branch
    Network 192.168.0.0 / mask 255.255.255.0 / router 192.168.1.3
    Network 10.0.0.0 / mask 255.255.255.0 / router 192.168.1.3

I can ping from the Branch NethServer to the Central one, and by adding a rule I can also ping from a Branch terminal to the Central NethServer,
but I cannot ping or browse the additional servers at the Central Office from either device at the Branch office.

Any help will be appreciated.

Thanks in advance!


(MadOp) #2

Hi,
I should have mentioned that both instances have only one network card; I intend to add a second one to the one at the Branch office, but I haven’t got to it yet because of time constraints.

Alex.


(Artem Fedai) #3

Hi dear Alex, you should use only iroute on your OpenVPN and the Client to Client option, so you would have a transparent bridge between your networks :slight_smile:


So you create a user Office with a remote network like 192.168.0.1 255.255.255.0


(MadOp) #4

Hi! Thank you for such a fast reply!

That looks quite similar to my current setup, let me ask you a couple of details:

I see “Office” is declared with its IP address, and not its network, so in my case that should be 192.168.1.3, right?

Is that so even when neither of my NethServers acts as the network gateway?

Should I remove the static routes I created? IIRC creating them did not make any difference to begin with, so it looks like they are not needed… (maybe they are implicit in the VPN creation)

Thanks in advance,
regards.


(Artem Fedai) #5

So:

  1. Make your Head NS Green IP ZONE 192.168.1.1 / mask 255.255.255.0
  2. Go to VPN as I show, make a cert for the Office network 192.168.0.1 / mask 255.255.255.0
  3. Go to OpenVPN and add as in my picture
  4. Go to the Office server Green IP ZONE 192.168.0.1 / mask 255.255.255.0
  5. Go to VPN and make a Client
  6. Go to the market for beer

(MadOp) #6

Hi there,

That is pretty much like my current configuration, but I still can’t connect to anything other than the OpenVPN server.
Only that my VPN servers are NOT my gateways at either location.

This is a trace from my “Branch Office” NethS to my “Central Office” NethS:

traceroute to 192.168.0.102 (192.168.0.102), 30 hops max, 60 byte packets
1 10.0.2.1 (10.0.2.1) 1267.494 ms 1267.489 ms 1267.536 ms
2 * * *
[…]
30 * * *

(For some reason I had to change the virtual network from 10.0.0.0 to 10.0.2.0, please ignore that mismatch with my original post)

The trace gets stuck at the virtual network; I’m thinking it is a routing problem.

A trace to the “Central office” VPN server returns this:

traceroute to 192.168.0.4 (192.168.0.4), 30 hops max, 60 byte packets
1 192.168.0.4 (192.168.0.4) 24.546 ms 24.534 ms 31.795 ms

Thanks.


(MadOp) #7

Hi,

Any insights on this?

I’ve been working with it for a while and made no further progress… Could I be missing any firewall rules, even though I don’t think I have activated the firewall modules?

Thanks.


(Artem Fedai) #8

Hi, could you write down the topology that you want to achieve?


(Artem Fedai) #9

If your NS is not the default GW in the network, you should add static routes like
on a Linux PC:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.1
on a Windows PC:
route add 192.168.0.0 mask 255.255.255.0 192.168.1.1
or push this route from your default GW to the client PC

and on the other side you should do the same
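The traceroute in post #6 (first hop 10.0.2.1, then nothing) and the static-route advice in post #9 are two sides of the same problem: when the NethServer is not the LAN's default gateway, the forward packet can reach the Windows server, but the reply is handed to the real gateway (192.168.0.1), which has no route back to the VPN or to the branch LAN. The following is an added example, not code from the thread, NethServer or OpenVPN: a small longest-prefix-match routing simulator that walks a packet hop by hop through the topology described above and shows exactly where it is dropped, and that the per-host routes from post #9 (pointed at the local NethServer) repair both directions. Addresses follow the thread (Central LAN 192.168.0.0/24 with the NethServer at 192.168.0.4 as traced in post #6 and a Windows server at 192.168.0.102, Branch LAN 192.168.1.0/24 with the NethServer at 192.168.1.3, VPN 10.0.2.0/24); the VPN client address 10.0.2.2, the branch PC 192.168.1.50 and the node names are assumptions made for the example.

```python
"""Hop-by-hop routing simulator for the two-site OpenVPN topology in the thread.

Constructed example: kernel routing only (longest-prefix match); OpenVPN's own
iroute mapping is represented as the kernel route each NethServer has via its
tun peer. Addresses from the thread; 10.0.2.2 and 192.168.1.50 are assumed."""
import ipaddress

NO_ROUTE = object()  # sentinel: the node has no route at all for the destination


def lookup(routes, dst):
    """Longest-prefix match over [(network, next_hop)]; next_hop None = on-link."""
    best = None
    for net, next_hop in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return NO_ROUTE if best is None else best[1]


def owner_of(nodes, ip):
    """Name of the node that holds address `ip`, or None if nobody does."""
    for name, node in nodes.items():
        if ip in node["addrs"]:
            return name
    return None


def forward_path(nodes, src, dst, max_hops=16):
    """Walk a packet from node `src` towards address `dst`.
    Returns the node names visited; a last element starting with 'DROPPED'
    means the packet was lost at the preceding node."""
    dst = ipaddress.ip_address(dst)
    path, cur = [src], src
    for _ in range(max_hops):
        if dst in nodes[cur]["addrs"]:
            return path                      # delivered
        next_hop = lookup(nodes[cur]["routes"], dst)
        if next_hop is NO_ROUTE:
            return path + ["DROPPED: %s has no route to %s" % (cur, dst)]
        target = dst if next_hop is None else next_hop
        nxt = owner_of(nodes, target)
        if nxt is None:
            return path + ["DROPPED: %s is not on any link" % target]
        path.append(nxt)
        cur = nxt
    return path + ["DROPPED: hop limit"]


def make_node(addrs, routes):
    return {"addrs": {ipaddress.ip_address(a) for a in addrs},
            "routes": [(ipaddress.ip_network(n), ipaddress.ip_address(h) if h else None)
                       for n, h in routes]}


def build_topology(lan_hosts_routed=False):
    """Both NethServers already carry the static routes from post #1; the LAN
    gateways and LAN hosts do not. lan_hosts_routed=True adds the host routes
    from post #9, pointed at the local NethServer rather than the default GW.
    The gateways' Internet default route is omitted: it has no path to a
    private network, so the effect is the same as having no route."""
    central_hosts = [("192.168.1.0/24", "192.168.0.4"), ("10.0.2.0/24", "192.168.0.4")] \
        if lan_hosts_routed else []
    branch_hosts = [("192.168.0.0/24", "192.168.1.3"), ("10.0.2.0/24", "192.168.1.3")] \
        if lan_hosts_routed else []
    return {
        "gw-central": make_node(["192.168.0.1"], [("192.168.0.0/24", None)]),
        "ns-central": make_node(["192.168.0.4", "10.0.2.1"],
                                [("192.168.0.0/24", None), ("10.0.2.0/24", None),
                                 ("192.168.1.0/24", "10.0.2.2")]),
        "winsrv": make_node(["192.168.0.102"],
                            [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")]
                            + central_hosts),
        "gw-branch": make_node(["192.168.1.1"], [("192.168.1.0/24", None)]),
        "ns-branch": make_node(["192.168.1.3", "10.0.2.2"],
                               [("192.168.1.0/24", None), ("10.0.2.0/24", None),
                                ("192.168.0.0/24", "10.0.2.1")]),
        "pc-branch": make_node(["192.168.1.50"],
                               [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]
                               + branch_hosts),
    }


def round_trip(nodes, src, dst, reply_to):
    """Forward path src->dst plus the reply path back to `reply_to`, the source
    address the sender used (for traffic leaving a tun interface that is the
    VPN address, which is why the Branch NethServer's own pings fail too)."""
    fwd = forward_path(nodes, src, dst)
    if fwd[-1].startswith("DROPPED"):
        return fwd, []
    return fwd, forward_path(nodes, fwd[-1], reply_to)


def delivered(path):
    return bool(path) and not path[-1].startswith("DROPPED")


if __name__ == "__main__":
    for fixed in (False, True):
        nodes = build_topology(lan_hosts_routed=fixed)
        print("LAN hosts routed via NethServer:", fixed)
        print("  ns-branch -> winsrv:", round_trip(nodes, "ns-branch", "192.168.0.102", "10.0.2.2"))
        print("  pc-branch -> winsrv:", round_trip(nodes, "pc-branch", "192.168.0.102", "192.168.1.50"))
```

Without the host routes the forward packet from the Branch NethServer is delivered to the Windows server, but the reply dies at gw-central, which is the asymmetric-routing signature behind the one-hop traceroute. The alternative to touching every host is the one post #9 also mentions: add the two routes on each LAN's real default gateway instead, so that it forwards VPN and remote-LAN traffic to the local NethServer.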