dserarols
Posts: 2
Joined: Fri May 29, 2020 9:39 am
Location: Barcelona
Contact: Facebook Twitter

VPN site-to-site between two raspberries

Fri May 29, 2020 9:57 am

Hello world,

I have two raspberries in two sites. Both have OpenVPN running and some clients connected.
First site, let's say A, has a LAN 192.168.1.0/24. Second site, let's say B, has 192.168.26.0/24.


I would like to connect these two sites with a VPN, no matter which one. My first idea was one of them as a OpenVPN client from de other one, but I can not change OpenVPN addressing 10.8.0.0/24......and this create a conflict.

So, is there any way to change OpenVPN addressing? Changing server parameter on server.conf results just in changing IP pool, but not tun0 interface.

Do you recommend a second VPN technology like IPSec/IKE? Maybe Wireguard?

Thank you very much!

bls
Posts: 718
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA
Contact: Twitter

Re: VPN site-to-site between two raspberries

Fri May 29, 2020 3:04 pm

dserarols wrote:
Fri May 29, 2020 9:57 am
Hello world,

I have two raspberries in two sites. Both have OpenVPN running and some clients connected.
First site, let's say A, has a LAN 192.168.1.0/24. Second site, let's say B, has 192.168.26.0/24.


I would like to connect these two sites with a VPN, no matter which one. My first idea was one of them as a OpenVPN client from de other one, but I can not change OpenVPN addressing 10.8.0.0/24......and this create a conflict.

So, is there any way to change OpenVPN addressing? Changing server parameter on server.conf results just in changing IP pool, but not tun0 interface.

Do you recommend a second VPN technology like IPSec/IKE? Maybe Wireguard?

Thank you very much!
Not an OpenVPN-based solution, but...I have been using strongSwan (ipsec/IKEV2) for several years on openSuse, and moved my VPN endpoint to a Pi a couple of years ago. I built a super-simple management tool for it, which is available at https://github.com/gitbls/pistrong. Zero o VPN in less than an hour!

I've used it for quite a while on my own VPN, and used it to set up a friend with a site-to-site VPN between his house and a location at the far end of a Hughes satellite link, which works really well!
Pi tools:
Easily and quickly build customized-just-for-you SD Cards: https://github.com/gitbls/sdm
Free your network from your router's DHCP/DNS:https://github.com/gitbls/ndm
Easy strongSwan VPN installer/manager: https://github.com/gitbls/pistrong
Lightweight Virtual VNC Config: https://github.com/gitbls/RPiVNCHowTo

dserarols
Posts: 2
Joined: Fri May 29, 2020 9:39 am
Location: Barcelona
Contact: Facebook Twitter

Re: VPN site-to-site between two raspberries

Fri May 29, 2020 3:07 pm

strongSwan? Thank you very much! I'll try to configure it :D

bls
Posts: 718
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA
Contact: Twitter

Re: VPN site-to-site between two raspberries

Fri May 29, 2020 4:11 pm

dserarols wrote:
Fri May 29, 2020 3:07 pm
strongSwan? Thank you very much! I'll try to configure it :D
strongSwan is a great VPN, but the documentation can require a lot of digging to sort out. pistrong handles nearly all the complexity for you and will save you pulling out a LOT of hair :lol:
Pi tools:
Easily and quickly build customized-just-for-you SD Cards: https://github.com/gitbls/sdm
Free your network from your router's DHCP/DNS:https://github.com/gitbls/ndm
Easy strongSwan VPN installer/manager: https://github.com/gitbls/pistrong
Lightweight Virtual VNC Config: https://github.com/gitbls/RPiVNCHowTo

Return to “Networking and servers”