Topic: OpenVPN site to site

[CKConsulting]

I have a VPN setup from SME7 to SME7.  hanscees.com "how to" Works Great.  I'd like to open up netbios trafic so I can add one PC to the domain on the other side side of the VPN.

I've searched the OpenVPN page but I'm missing something.

Thanks,
Rick

[hanscees]

I have a VPN setup from SME7 to SME7.  hanscees.com "how to" Works Great.  I'd like to open up netbios trafic so I can add one PC to the domain on the other side side of the VPN.

I've searched the OpenVPN page but I'm missing something.

Thanks,
Rick

Nice to see my howto works in practice.

Netbios should work fine over the tunnel, except for broadcast traffic. You should see the tunnel as an internal  network behind a router.

So what does not work?

Hans-Cees

[CKConsulting]

When I try to add the PC to the domain on the other side it doesn't  find the domain?  I can ping the server by name and IP ok, and I can see all the other devices with netscan.

One issue I did have with the how to, was adding a local network.  The how to  states to use the "gateway 10.4.0.2" was not able to do this I had to use the lan ip of the gateway server 10.22.22.1.

"For the route above to stick between events on the sme7 machine you will need to add the VPN address range on the other side of the tunnel as a local networks in the server-manager (https://yoursme7server/server-manager, login as admin)under the Security section. Add a local network "10.22.22.0" with gateway "10.4.0.2""

Thanks
Rick

[hanscees]

When I try to add the PC to the domain on the other side it doesn't  find the domain?  I can ping the server by name and IP ok, and I can see all the other devices with netscan.

I have no idea. I think you will have to troubleshoot like it is a pc on the local lan. Does it have a machine in id the domain and so on. Does the dns work properly, etc.

One issue I did have with the how to, was adding a local network.  The how to  states to use the "gateway 10.4.0.2" was not able to do this I had to use the lan ip of the gateway server 10.22.22.1.

"For the route above to stick between events on the sme7 machine you will need to add the VPN address range on the other side of the tunnel as a local networks in the server-manager (https://yoursme7server/server-manager, login as admin)under the Security section. Add a local network "10.22.22.0" with gateway "10.4.0.2""

Thanks
Rick

I will change this, thanks.

[CKConsulting]

Getting further, but still need help.
I missed a step.
"Route add -net 10.12.12.0 netmask 255.255.255.0 gw 10.4.0.1"

When I add this all is well in the world, when I reboot I lose the above statment and have to re-enter it again, then all is well.

Option #1 is to hire someone to sit in front of the machine and type this command after a reboot.  Pay isn't much and the hours are long, since times between reboots can be months.

I hope some one has an option #2

Thanks,
Rick

[jester]

Hiya all,

I've tried this setup (site-to-site) but won't work and i'm getting the following line in my messages log:

Jun 14 14:55:52 MyServer openvpn[4486]: TCP/UDP: Incoming packet rejected from xxx.xxx.xxx.xxx:37095[2], expected peer address: xxx.xxx.xxx.xxx:1195 (allow this incoming source address/port by removing --remote or adding --float)

If i change my client.conf and use: remote xxx.xxxx.xxx.xxx 37095
in stead of the described set-up: 1195 (usually 1194 but i want to use this standard port for road-warrior access) i can ping the other lan. Also i still cannot add these networks to my 'local networks' in the server-manager.

Anyone?!

Regards,
jester.

[mchauvel]

hello.

I've create a sito to site using openvpn. I can ping the both server... but impossible two access anything behind the both LAN..
I've a mac, and i want to access the other lan and impossible to access the ibay on the second lan....

And another problem on SME 7rc3. impossible to add in sever-manager the onther LAN : 192.168.0.0 255.255.255.0 10.4.0.1

I don't understand.

Config :
Lan1 (client)                                                       Lan2 (server)
192.168.1.10-192.168.1.1-myFaiIp--secondFaiIp-192.168.0.1-192.168.0.x


Any idea...???

Thx for your help

[CKConsulting]

I made a few changes to hansee's How To, most are highlighted in yellow.
http://www.doerr.biz/sme/openvpn.html

Try adding the local network with the IP address of your server 192.168.x.x instead of the 10.4.0.x

I also added the route in the .up files.

Rick

[darmasanthi]

I made a few changes to hansee's How To, most are highlighted in yellow.
http://www.doerr.biz/sme/openvpn.html

Try adding the local network with the IP address of your server 192.168.x.x instead of the 10.4.0.x

I also added the route in the .up files.

Rick

I was try to login to the link, but there is no nothing ...

regards,
darmasanthi

[crazybob]

try http://www.doerr.biz/sme/openvpn-Site2Site.htm

Bob

[darmasanthi]

try http://www.doerr.biz/sme/openvpn-Site2Site.htm

Bob

Thank you BOB, it's work .. GREAT FULLY ...

If you don't mind:
- is there any HowTo for looking the ibays from client "A" to Client "B", also from client "B" to client "A"?
- and MySQL Mirroring / SMEServer Mirroring (server Mirror)

Regards,
darmasanthi

[darmasanthi]

try http://www.doerr.biz/sme/openvpn-Site2Site.htm

Bob

Hi, bob

I have read the how to from http://www.doerr.biz/sme/openvpn-Site2Site.htm
but, once question .. on : what is mean on the yellow mark bellow :

•   We have two seperate networks that are connected over the internet. We will call one sme7 server "client" and the other "server". This is true and not:-)?
Considering openvpn they are equals, not really server/client/ But considering tls (ssl), the protocol that secures the VPN by encryption and authentication via certificates, "server" is the server and client the client.
•   Sme7 client is at 213.22.22.2. Sme7 server is at 213.11.11.1
•   The openvpn tunnel we will set up has an internal ip-addres on server: 10.1.1.1
The openvpn tunnel we will set up has an internal ip-addres on client: 10.1.1.2
•   Behind the sme7-server the internal network is 10.12.12.0. Server has 192.11.11.1.
Behind the sme7-client the internal network is 10.22.22.0. Server has 192.22.22.2.

Let assume, when i have internal client with IP 192.168.0.0/24 on server side, it's mean i have to change the 192.11.11.1 with 192.168.0.1
and on the client side VPN i have 192.168.10.0/24 internal client, it's mean the 192.22.22.2 become 192.168.10.2

And : what is mean :

For the route above to stick between events on the sme7 machine you will need to add the VPN address range on the other side of the tunnel as a local networks in the server-manager (https://yoursme7server/server-manager, login as admin)under the Security section. Add a local network "192.22.22.0" with gateway "192.1.1.1" also add a local network "10.1.1.0" with gateway "192.1.1.1"

cause I got these error when trying to make route :

Operation status report
Error: router address is not accessible from local network. Did not add network.

Regards,
darmasanthi