server-manager access via OpenVPN client
bbialy:
Hello,
I have one SME server (let's call it ServerA) with the OpenVPN bridge contrib installed.
Mode server-gateway
Public IP XXX.XXX.XXX.XXX
Lan 172.16.16.1/X
Open VPN DHCP Range 172.16.16.10-30
second SME (ServerB)
in server-only behind NAT
LAN IP: 10.10.10.200
On ServerB I have installed openvpn (from smecontribs)
- I have an autolaunch script for bringing up the tap0 interface after start.
I can ping ServerA from ServerB and the opposite way.
How do I access server-manager on ServerB from ServerA (or another OpenVPN client of ServerA)?
I know it is connected with the firewall settings, because if I switch off masq, it works! I mean I have access to server-manager
--- Code: ---
/etc/init.d/masq stop
--- End code ---
but it is not a good solution.
I also tried via localnetworks, LAN 172.16.16.0/255.255.255.0 through 172.16.16.10, but SME says that 172.16.16.10 is not reachable - and from eth0's point of view that is correct :-)
I just don't know how to do it the SME way!! :D
All tips are very welcome.
If someone asks why I want to do this: I need to set up (asterisk) IAX2 trunks between those two servers. It would also be nice to have the ability to manage the server over VPN.
At the location of ServerB I don't have access to the router and also don't have a fixed public IP.
Daniel B.:
If you want to connect two servers, you'd better use the Site2Site OpenVPN contrib: http://wiki.contribs.org/OpenVPN_SiteToSite
For VoIP, I recommend also disabling the outbound SNAT option, as explained at http://wiki.contribs.org/OpenVPN_SiteToSite#Additional_options (db openvpn-s2s myvpn SnatOutbound disabled). For IAX2 it shouldn't be an issue, but for SIP you'll have a few problems when SNAT is active.
You can use both contribs (bridge and Site2Site) at the same time, as long as you use different ports (the default UDP/1194 is used for bridge, you can use 1195 for example for Site2Site).
Regards, Daniel
bbialy:
I was thinking about Site2Site, but my problem is that I don't have a fixed public IP on the ServerB site.
Additionally, I also don't have access to the router/firewall at the ServerB site to make a port forward.
OpenVPNBridge works perfectly behind NAT;
that's why I asked how to add the tap0 interface as a Local Interface.
I also checked the possibility of using a bridge interface, but the LAN subnets don't match.
I found something like vpninterface in /etc/init.d/network; maybe this is the clue
--- Code: ---
vlaninterfaces=""
vpninterfaces=""
xdslinterfaces=""
bridgeinterfaces=""
--- End code ---
but /etc/init.d/network starts quite fast (before openvpn is able to set up the connection), so this is not a very logical solution, is it?
Maybe I'm able to add some iptables rules after ovpn starts, but I don't know which ones or how.
Daniel B.:
--- Quote from: bbialy on July 30, 2013, 02:40:01 PM ---I was thinking about Site2Site, but my problem is that I don't have a fixed public IP on the ServerB site.
--- End quote ---
No problem, just use ServerB as the OpenVPN client.
--- Quote from: bbialy on July 30, 2013, 02:40:01 PM ---Additionally, I also don't have access to the router/firewall at the ServerB site to make a port forward.
--- End quote ---
If ServerB is a client, the VPN connection will be an outgoing one, so no need to add any port forwarding.
--- Quote from: bbialy on July 30, 2013, 02:40:01 PM ---OpenVPNBridge works perfectly behind NAT
--- End quote ---
Just as the Site2Site one does.
You do not want to use the bridge contrib for that. It works at layer 2 (same broadcast domain). Site2Site is really made for what you want, working in routing mode.
Daniel B.:
Forgot to add: Site2Site will configure the firewall for you. Once the VPN is established, all the traffic between the two servers (and their local networks) will be allowed, without anything to configure manually.