Virtual private networks / Re: 2nd OpenVPN Client-to-site server make 1st OpenVPN Site-to-Site not routing
« on: August 18, 2021, 10:08:09 pm »
Hi,
The IPv4 Tunnel Network should be 192.168.1.0/30... then you have max two hosts in the network (192.168.1.1 and 192.168.1.2). Then you can push routes for both sides.
Datacenter (192.168.0.0/24) example:
Code:
dev ovpns5
verb 3
dev-type tun
dev-node /dev/tun5
writepid /var/run/openvpn_server5.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.181.20
tls-server
ifconfig 192.168.1.1 192.168.1.2
tls-verify "deleted"
lport 1198
management /var/etc/openvpn/server5.sock unix
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
Client side:
push "route 192.168.0.0 255.255.255.0"
and on the client side the way back. Also keep in mind to create firewall rules.
For the second tunnel you can use the next /30 netmask: 192.168.1.5 - 192.168.1.6 (192.168.1.4/30)...
If you choose /24 in your example it didn't work because the client gets a dynamic address...
Br Andreas
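
The /30 addressing plan from the post above, as an added example that is not part of the original post: it carves consecutive /30 tunnel networks, checks that no tunnel or routed LAN overlaps another, and renders the matching `ifconfig` and `push "route ..."` lines. The pool `192.168.1.0/24` and all function names are assumptions made for the illustration; the LANs and tunnel addresses are the ones quoted in the post.

```python
import ipaddress

def p2p_tunnels(pool, count):
    """Carve `count` consecutive /30 tunnel networks out of `pool`."""
    plan = []
    subnets = ipaddress.ip_network(pool).subnets(new_prefix=30)
    for _, net in zip(range(count), subnets):
        local, remote = net.hosts()  # a /30 has exactly two usable addresses
        plan.append({"network": net, "local": local, "remote": remote})
    if len(plan) < count:
        raise ValueError(f"{pool} cannot hold {count} /30 tunnels")
    return plan

def find_overlaps(tunnel_nets, routed):
    """Return every pair of networks (tunnel or routed LAN) that overlap."""
    nets = [ipaddress.ip_network(str(n)) for n in list(tunnel_nets) + list(routed)]
    return [(a, b) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

def server_lines(tunnel, pushed):
    """Render the ifconfig and push-route lines for one tunnel."""
    lines = [f"ifconfig {tunnel['local']} {tunnel['remote']}"]
    for lan in pushed:
        n = ipaddress.ip_network(lan)
        lines.append(f'push "route {n.network_address} {n.netmask}"')
    return lines

if __name__ == "__main__":
    # LANs quoted in the post; the /24 pool for tunnel networks is an assumption.
    lans = ["192.168.0.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    plan = p2p_tunnels("192.168.1.0/24", 2)
    for t in plan:
        print(t["network"], "->", t["local"], t["remote"])
    print("\n".join(server_lines(plan[0], lans[1:])))
    print("overlaps in plan:", find_overlaps([t["network"] for t in plan], lans))
    # Constructed failure case: a second tunnel defined as a /24 that
    # contains the first tunnel's /30.
    print("overlaps with /24:", find_overlaps(["192.168.1.0/30", "192.168.1.0/24"], lans))
```
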