GregMiller
Resolved
0 votes
I have OpenVPN installed at a remote server and am easily able to connect to it via Mac and Windows. Now I want to create a link from the office to the site. I found all sorts of "How to" documents and came very close but was only able to connect to the OpenVPN server but nothing behind it. I believe it is a routing and/or iptables issue.

If anyone can post a working client config file, it would be greatly appreciated.

Thanks,

Greg
In OpenVPN
Friday, November 16 2018, 05:08 PM
Responses (6)
  • Accepted Answer

    Thursday, December 13 2018, 03:04 PM - #Permalink
    0 votes
    I've just added a line:
    cipher AES-256-CBC
    to the configs at both ends of the tunnel in the HowTo to mitigate the SWEET32 vulnerability. It needs to be added to both ends of the tunnel or the tunnel won't come up.
  • Accepted Answer

    Monday, December 10 2018, 08:26 AM - #Permalink
    0 votes
    You should be able to set up custom FORWARD rules to block "NEW" packets from the power generation facility, either by IP/subnet, or, perhaps, the relevant tun interface.
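
One way to write the FORWARD rules suggested in the reply above, as an added example that is not part of the thread or any poster's configuration. It assumes the rules run on the office-side gateway; `tun1`, `192.168.10.0/24` (office LAN) and `192.168.20.0/24` (site LAN) are constructed values.

```shell
#!/bin/sh
# Added example. Constructed values (not from the thread):
#   tun1 = site-to-site tunnel interface, 192.168.10.0/24 = office LAN,
#   192.168.20.0/24 = site LAN. Assumed to run on the office-side gateway.

# Loose shape check for a.b.c.d/len; not a full address validator.
is_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*) return 1 ;;
        [0-9]*.*.*.*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_rules MATCH OFFICE_LAN -> prints one iptables command per line.
# MATCH selects traffic from the site: a tunnel interface (tunN) or the
# site's subnet in CIDR form.
build_rules() {
    match=$1
    office_lan=$2
    is_cidr "$office_lan" || { echo "bad office LAN: '$office_lan'" >&2; return 2; }
    case $match in
        tun*[!0-9]*) echo "bad interface: '$match'" >&2; return 2 ;;
        tun[0-9]*)   sel="-i $match" ;;   # also covers tunnel endpoint addresses
        *) is_cidr "$match" || { echo "bad match: '$match'" >&2; return 2; }
           sel="-s $match" ;;
    esac
    # Replies to connections the office opened are still let through.
    echo "iptables -I FORWARD 1 $sel -d $office_lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anything the site side tries to start towards the office is dropped.
    echo "iptables -I FORWARD 2 $sel -d $office_lan -m conntrack --ctstate NEW,INVALID -j DROP"
}

# Only FORWARD is touched, so sessions to the gateway itself (INPUT) and
# office-to-site traffic are unaffected.
# Dry run: print the rules; pipe the output to "sh" as root to apply them.
build_rules tun1 192.168.10.0/24
```

Rules inserted this way do not survive a firewall restart; they still need to be saved through whatever custom-rule mechanism the gateway uses.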
  • Accepted Answer

    GregMiller
    Sunday, December 09 2018, 05:38 PM - #Permalink
    0 votes
    Works great!!! I initially messed the config up and did not realize that each remote site needed its own config and port. Thank you for your help.

    The server side is an unmanned power generation facility and the remote site is the corporate office. Now I would like to block access to the office from the site running the server. I want the remote site to access everything at the power generation facility but block access to the office from the server side. Field staff and contractors use the wifi at the site and I don't want them accessing file shares etc. at head office.

    Any assistance would be greatly appreciated.
  • Accepted Answer

    Saturday, December 01 2018, 09:12 AM - #Permalink
    1 votes
    Leave the current set up as it is and roadwarriors will work on the usual port. Use the instructions I linked to. You are setting up an extra connection using a different file in /etc/openvpn and a different port. The only extra thing you have to do in the firewall is open the new incoming port. All other rules are in place because of the roadwarrior set up.

    [edit]
    The config also looks after the routing.
    [/edit]
  • Accepted Answer

    GregMiller
    Friday, November 30 2018, 10:06 PM - #Permalink
    0 votes
    Thanks. I have reviewed the how to as well as many more. Most of the "How to" guides set up site to site without the OpenVPN plugin. In this case, I need the plugin to support the road warriors and other infrequent users. I have 2 locations where they would like the office connected. I am fairly certain that I am missing something with respect to iptables accepting and/or forwarding traffic. I don't think I need NAT as it is just a different subnet. I have solved similar issues before with trial and error but this site is live and 2 hours away. I need to be careful as to not lock myself out.

    Any assistance would be greatly appreciated.

    Greg
  • Accepted Answer

    Friday, November 16 2018, 05:20 PM - #Permalink
    0 votes