Topic: Two Sme servers in remote office - part 2

[smnirosh]

this question is referes to the old post that I've made before about installing openvpn s2s to connect two branches.

As Stephdl advised me, i followed the link he attached : - https://wiki.contribs.org/OpenVPN_SiteToSite.

I have main server already installed and it has ip address of 192.168.50./24 (domain is MECHDESIGN.IT, server name is MAIN) and I have two doubts of configuring the second server (ip address is 192.168.60.0/24),
1. I must configure the same userlist on this server? is there any specific configuration or just type the names and passwords in web gui (server-manager)?
2. i am willing to put the server name as PRODU. How can i configure the server name and domain name in server configuration phrase of installation.?

[Jean-Philippe Pialasse]

this question is referes to the old post that I've made before about installing openvpn s2s to connect two branches.

As Stephdl advised me, i followed the link he attached : - https://wiki.contribs.org/OpenVPN_SiteToSite.

for reference : https://forums.contribs.org/index.php/topic,53006.msg273912.html#msg273912

I have main server already installed and it has ip address of 192.168.50./24 (domain is MECHDESIGN.IT, server name is MAIN) and I have two doubts of configuring the second server (ip address is 192.168.60.0/24),
1. I must configure the same userlist on this server? is there any specific configuration or just type the names and passwords in web gui (server-manager)?

you could but this is not mandatory.
I mean if you only need the tunnel to allow all the user of the two sites to access to the main server, then you do not need to have all the users also on the second server.

As an example users of site 2 might need to have their own files on server 2, and also access to main server so they wil be on both servers, while users on main site only need to access to main server and will be only on main server.

If you need to have users on both ends, there must be different way (maybe affa), but the easiest way  I can think is lazy admin tools. You could backup db accounts and file shadow (with encrypted password). Then filter only the user and group you need to have on second server and restore the user accounts and password. That way you do not need to know their passwords. https://wiki.contribs.org/Lazy_Admin_Tools

A drawback of this would user having email account on the two servers ... few way to solves this...
- delegate emails to main server so all are connecting to main server to have thei emails
- forward emails to main server on server 2 for users of main site, and smae thing in the other direction for user of site 2.

Also if they want to change their password they will need to do it twice !

2. i am willing to put the server name as PRODU. How can i configure the server name and domain name in server configuration phrase of installation.?

go to console, select configure this server. Enter domain name, then enter server name when asked.

[smnirosh]

Thanks very much Jean. You have suggest me things in most useful way.
1. As you said, i am willing to create usernames in two servers but without use of Lazy tools. Bcos some mobile users works in two locations, (sometimes main office and sometimes Production office.)
2. Email configuration is not needed. we are using register.it email service.

3. The only thing is to i have to change passwords twice.
4. i configured the new server as (PROD) servername and as (MECHDESIGN.IT) domain name. The fqdn is prod.mechdesign.it.

done configuring. now it has to be translocated.

[smnirosh]

Is there any way to change the Openvpn 1194 port to 1190 or something other?

[Daniel B.]

In openvpn s2s, you can choose the port used by each daemon right from the panel in the server manager

[janet]

smnirosh

You need to read the wiki article, as Daniel says, the port can be specified in server manager panel (but the port number  should be the same both ends)

https://wiki.contribs.org/OpenVPN_SiteToSite.

Make sure to read the Note in server manager panel  that warns the port specified cannot be in use by another server or   by any other services

[Jean-Philippe Pialasse]

Thanks very much Jean. You have suggest me things in most useful way.
1. As you said, i am willing to create usernames in two servers but without use of Lazy tools.

LAT would have save you time adding manually the users on second server, and would allow you to do this without knowing the password of your users.

3. The only thing is to i have to change passwords twice.

unfortunately there is nothing to do with this, either users have to change them twice, either if you are the one changing passwords, you could script this using LAT to propagate.

done configuring. now it has to be translocated.

good to know.

[smnirosh]

Good morning everybody, i am sorry that my question is misunderstood bcos i have not mentioned the openvpn contrib.
I asked this question about Openvpn bridge not about s2s.

[Daniel B.]

The original topic talks about OpenVPN s2s, you should open a new topic. But yes, you can change the port (see https://wiki.contribs.org/OpenVPN_Bridge#Advanced_configuration)

Code: [Select]

db configuration setprop openvpn-bridge UDPPort 1190
signal-event openvpn-bridge-update


[smnirosh]

Ok Daniel B, thanks very much anyway. If i have some other questions about Openvpn Bridge, i will begin a new topic.