i do have two sites that i would like to connect over internet through adsl connections.
site A has ip addressing 192.168.1.1 router (gw) and 5 computers. Server with IP 192.168.1.50
site B has ip addressing 192.168.2.1 router (gw) and 5 computers.
i would like to have computers from site A to talk to computers to site B.
my thinking is to have
PCs_siteA--raspberry(openvpn)--routerA==========Internet=======routerB--raspberry(openvpn)--PCs_siteB
eg router on site A will be 192.168.1.1, raspberry will be on 192.168.1.2 and PC 192.168.1.3-8. All PCs will have the router as default gateway. Same setup with IPs 192.168.2.0 applies to site B.
port forward for openvpn on both routers, then all computers can talk to each other and all access server 192.168.1.50
Is that correct or am i missing something?
-
binary_dreamer
- Posts: 12
- Joined: Tue Apr 17, 2012 12:57 pm
Re: vpn guidance
That looks correct.
A recommendation: do not use subnets 192.168.1.0 and 192.168.2.0 for your VPN because they are very common. Use higher numbres: 50 and 51, for example. If you need to connect to your VPN in the future from a hotel that uses the subnet 192.168.1.0 and you have used such a subnet in your VPN, you will be unable to access. So, use higher numbers for your subnets. So the probability of collision will be lower.
You have to define one RPi as server and the other as client. Port forwarding for OpenVPN will be required only in the server side. Configure your VPN as routed with TUN interfaces.
If you do not have a static public IP, you will need a DynDNS service too.
More info here:
https://openvpn.net/index.php/open-sour ... ml#vpntype
NOTE: some routers and firmwares support directly OpenVPN. I recommend TomatoUSB.
http://tomato.groov.pl/?page_id=164
A recommendation: do not use subnets 192.168.1.0 and 192.168.2.0 for your VPN because they are very common. Use higher numbres: 50 and 51, for example. If you need to connect to your VPN in the future from a hotel that uses the subnet 192.168.1.0 and you have used such a subnet in your VPN, you will be unable to access. So, use higher numbers for your subnets. So the probability of collision will be lower.
You have to define one RPi as server and the other as client. Port forwarding for OpenVPN will be required only in the server side. Configure your VPN as routed with TUN interfaces.
If you do not have a static public IP, you will need a DynDNS service too.
More info here:
https://openvpn.net/index.php/open-sour ... ml#vpntype
NOTE: some routers and firmwares support directly OpenVPN. I recommend TomatoUSB.
http://tomato.groov.pl/?page_id=164
-
binary_dreamer
- Posts: 12
- Joined: Tue Apr 17, 2012 12:57 pm
Re: vpn guidance
i am looking to have on the remote site a network drive that it will point to site's A fileserver
-
binary_dreamer
- Posts: 12
- Joined: Tue Apr 17, 2012 12:57 pm
Re: vpn guidance
thanks for the reply. the subnets are as examples only. the real ones are 172.16.
my question is for the clients in each subnet that have as default gateway the router and not the raspberry. how does the router will know where to send the routing?
my question is for the clients in each subnet that have as default gateway the router and not the raspberry. how does the router will know where to send the routing?
Re: vpn guidance
The easiest way is to add a static route to each router. Take a look to the menu of your router. Both routes added will be different.
The target subnet will be the other subnet. The gateway/next hop will be the IP addresss of the RPi. Define metric as 0.
The target subnet will be the other subnet. The gateway/next hop will be the IP addresss of the RPi. Define metric as 0.