RevoSolution
Posts: 1
Joined: Fri Apr 12, 2013 2:34 pm

Site-to-Site with 2 raspberry's (NATless)

Fri Apr 12, 2013 2:40 pm

Hi,

I'm not sure if there is already a posted question, but I'm curious if there is a possibility to create a Site to Site VPN solution using minimal 2 raspberry's tunneling without making NAT or Firewall changes.

I would like to create 2 different VPN solutions:
2 x Raspberry tunneling to each other (with LAN access on both sides.)
2 x Raspberry + 1x Keepalive server (dedicated) which couples preconfigured raspberry to each other.

Has anyone got a heads-up/tip/already made solution for me?

Many thanks

broo0ose
Posts: 318
Joined: Wed Dec 14, 2011 3:59 pm
Location: Wirral, UK

Re: Site-to-Site with 2 raspberry's (NATless)

Fri Apr 12, 2013 8:03 pm

NAT is used because the IP addresses on your internal networks will be in the private address space (as per RFC1918). This is an agreed set of IP addresses that will never be used on the internet. All internet routers will throw these packets away without NAT.

What NAT does is swap the internal network address for a real internet one so that you can route over the internet. So unless you are lucky enough to own a set of real IP addresses or you are routing across a network that is not on the internet you will need NAT.

cleverca22
Posts: 581
Joined: Sat Aug 18, 2012 2:33 pm

Re: Site-to-Site with 2 raspberry's (NATless)

Sat Apr 13, 2013 3:51 am

if you had full control of both LANs and had a decent vpn client (which may need port forwarding), you can make a nat-free link between them

basically, each lan needs its own subnet like 192.168.0.* and 192.168.1.*

the .0.* lan needs to be set up to forward all traffic for .1.* towards its local pi (let's call it .0.2)
the .1.* lan needs to be set up to forward all traffic for .0.* towards the pi local to that network (let's call it .1.2)

each pi is then set up to route the traffic via a gateway identified by the other pi's vpn address

some vpns like openvpn can configure all of that automatically (within the pi itself)

after that, you need to get the routing entries for everything on the lan, simplest is to set it up in the main gateway at both ends

if it's all done right, it just acts like one big lan, any pc on either side can ping any pc on the other side
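
The routing layout described in the post above, modelled as an added example (not code from the thread): it traces a packet hop by hop through both main gateways and both Pis, and shows what happens to replies when one gateway lacks its static route. The router names, the VPN addresses 10.8.0.1/10.8.0.2 and the two host addresses are assumptions made for illustration.

```python
import ipaddress

net = ipaddress.ip_network

def build_tables(gw_b_has_route=True):
    """Routing tables for the four routers; names and VPN addresses are assumed."""
    tables = {
        # Main gateway on the 192.168.0.* LAN: sends .1.* to its local Pi (.0.2).
        "gw-a": [(net("192.168.0.0/24"), "LAN-A"),
                 (net("192.168.1.0/24"), "pi-a"),
                 (net("0.0.0.0/0"), "INTERNET")],
        # Each Pi routes the remote LAN via the other Pi's VPN address
        # (assumed here: pi-a = 10.8.0.1, pi-b = 10.8.0.2).
        "pi-a": [(net("192.168.0.0/24"), "LAN-A"),
                 (net("192.168.1.0/24"), "pi-b"),
                 (net("0.0.0.0/0"), "gw-a")],
        "pi-b": [(net("192.168.1.0/24"), "LAN-B"),
                 (net("192.168.0.0/24"), "pi-a"),
                 (net("0.0.0.0/0"), "gw-b")],
        "gw-b": [(net("192.168.1.0/24"), "LAN-B"),
                 (net("0.0.0.0/0"), "INTERNET")],
    }
    if gw_b_has_route:
        # Static route on the .1.* gateway: .0.* goes to its local Pi (.1.2).
        tables["gw-b"].append((net("192.168.0.0/24"), "pi-b"))
    return tables

def next_hop(table, dst):
    """Longest-prefix match, as a real router does."""
    matches = [(n, hop) for n, hop in table if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, first_router, dst):
    """Follow a packet from a LAN's main gateway until it is delivered or leaves."""
    dst = ipaddress.ip_address(dst)
    path, node = [], first_router
    while node in tables and len(path) < 16:  # hop limit guards against loops
        path.append(node)
        node = next_hop(tables[node], dst)
    return path + [node]

if __name__ == "__main__":
    # Constructed hosts: 192.168.0.50 on LAN A, 192.168.1.60 on LAN B.
    print("request:", trace(build_tables(), "gw-a", "192.168.1.60"))
    print("reply, route present:", trace(build_tables(), "gw-b", "192.168.0.50"))
    print("reply, route missing:", trace(build_tables(False), "gw-b", "192.168.0.50"))
```

With the static route missing on one gateway, the request still arrives through the tunnel but the reply follows the default route toward the internet, where packets for RFC1918 destinations are discarded.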

mikaeldui
Posts: 1
Joined: Wed Dec 04, 2013 9:25 pm
Location: Lidingö, Sweden

Re: Site-to-Site with 2 raspberry's (NATless)

Wed Dec 04, 2013 9:36 pm

cleverca22 wrote: if you had full control of both LANs and had a decent vpn client (which may need port forwarding), you can make a nat-free link between them

basically, each lan needs its own subnet like 192.168.0.* and 192.168.1.*

the .0.* lan needs to be set up to forward all traffic for .1.* towards its local pi (let's call it .0.2)
the .1.* lan needs to be set up to forward all traffic for .0.* towards the pi local to that network (let's call it .1.2)

each pi is then set up to route the traffic via a gateway identified by the other pi's vpn address

some vpns like openvpn can configure all of that automatically (within the pi itself)

after that, you need to get the routing entries for everything on the lan, simplest is to set it up in the main gateway at both ends

if it's all done right, it just acts like one big lan, any pc on either side can ping any pc on the other side

Would you mind guiding me a little bit more? Got a PPTP server setup here and need to configure a Pi at the remote office.

crypiehef
Posts: 1
Joined: Thu Dec 05, 2013 3:39 pm

Re: Site-to-Site with 2 raspberry's (NATless)

Thu Dec 05, 2013 3:41 pm

I would also consider doing reverse autossh connections to and from each raspberry pi if you know what ports you need to access such as rdp, ssh etc.
