Topic: [Solved] Openvpn s2s on sever only install

[gavan_white]

Hi. I have a server only install at each end of my openvpn s2s. Everything connects well. My problem is the comment in the contrib:
"If your server is in serveronly mode, you'll have to add the same routes in the device which acts as the default gateway of your local network, using the IP of your SME Server as the gateway"
I cannot ping either side from the other and am not sure how I 'add the same routes ...." to allow the SME to pass traffic to the local network. My modems do the DHCP for the networks.

Can anyone help as to whether this is adding a route to my modem, if this is what is meant? Would it be easier to change the SME to server/gateway-local and use this to run the DHCP?

Thanks for any help. My lack of knowledge is fairly obvious!

[Jean-Philippe Pialasse]

Well you need to act on the device in charge of you internet connection, most likely a router to forward the port used by s2s to the lan ip of you Sme server acting as s2s server.

[Daniel B.]

I cannot ping either side from the other and am not sure how I 'add the same routes ...." to allow the SME to pass traffic to the local network. My modems do the DHCP for the networks.

You first need to have the tunnel up, and be able to ping from server to server using their virtual IP. Once you got this working, you'll have to add new routes on your gateway device, but don't bother with it until the tunnel is up and running

[gavan_white]

With my setup, I can ping server to server (sorry, I should have had this in my initial post) and the correct port is forwarded to the modem. I would be grateful if you could explain about setting up the routes on the gateway (modem).
Thanks.

[Daniel B.]

Say you are in this situation: You have 2 servers. SME1 and SME2. SME1 local network is 192.168.1.0/24 on which SME is using 192.168.1.254. SME2 local network is 192.168.2.0/24 on which SME is using 192.168.2.254. As both of those SME are serveronly, you have a modem/router acting as a gateway for those network. On the gateway router on site 1 (where SME 1 is), you need to add a static route:

• Network: 192.168.2.0
• Mask: 255.255.255.0
• Gateway: 192.168.1.254

And, on the other site, you have to do the same

• Network: 192.168.1.0
• Mask: 255.255.255.0
• Gateway: 192.168.2.254

This is needed because for all your other devices on a network, packets which are not addressed to the local network are sent to the default gateway (your NAT router). When the destination is the remote end of the VPN, your router needs to know that it must send this to SME and not to your ISP. The procedure for adding route can change from one router to an other, but is usually straight forward.

[gavan_white]

That is excellent, thanks. 
That solves my problem completely. Great help.

[ReetP]

Can you change the topic and add Solved please ?

Thanks

[Stefano]

done