Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: gavan_white on August 13, 2016, 04:41:03 PM

Title: [Solved] Openvpn s2s on sever only install
Post by: gavan_white on August 13, 2016, 04:41:03 PM

Hi. I have a server only install at each end of my openvpn s2s. Everything connects well. My problem is the comment in the contrib:
"If your server is in serveronly mode, you'll have to add the same routes in the device which acts as the default gateway of your local network, using the IP of your SME Server as the gateway"
I cannot ping either side from the other and am not sure how I 'add the same routes ...." to allow the SME to pass traffic to the local network. My modems do the DHCP for the networks.

Can anyone help as to whether this is adding a route to my modem, if this is what is meant? Would it be easier to change the SME to server/gateway-local and use this to run the DHCP?

Thanks for any help. My lack of knowledge is fairly obvious!

Title: Re: Openvpn s2s on sever only install
Post by: Jean-Philippe Pialasse on August 14, 2016, 01:48:05 PM

Well you need to act on the device in charge of you internet connection, most likely a router to forward the port used by s2s to the lan ip of you Sme server acting as s2s server.

Title: Re: Openvpn s2s on sever only install
Post by: Daniel B. on August 15, 2016, 10:55:40 AM

Quote from: gavan_white on August 13, 2016, 04:41:03 PM

I cannot ping either side from the other and am not sure how I 'add the same routes ...." to allow the SME to pass traffic to the local network. My modems do the DHCP for the networks.

You first need to have the tunnel up, and be able to ping from server to server using their virtual IP. Once you got this working, you'll have to add new routes on your gateway device, but don't bother with it until the tunnel is up and running

Title: Re: Openvpn s2s on sever only install
Post by: gavan_white on August 16, 2016, 02:46:42 AM

With my setup, I can ping server to server (sorry, I should have had this in my initial post) and the correct port is forwarded to the modem. I would be grateful if you could explain about setting up the routes on the gateway (modem).
Thanks.

Title: Re: Openvpn s2s on sever only install
Post by: Daniel B. on August 16, 2016, 08:11:57 AM

Say you are in this situation: You have 2 servers. SME1 and SME2. SME1 local network is 192.168.1.0/24 on which SME is using 192.168.1.254. SME2 local network is 192.168.2.0/24 on which SME is using 192.168.2.254. As both of those SME are serveronly, you have a modem/router acting as a gateway for those network. On the gateway router on site 1 (where SME 1 is), you need to add a static route:

• Network: 192.168.2.0
• Mask: 255.255.255.0
• Gateway: 192.168.1.254

And, on the other site, you have to do the same

• Network: 192.168.1.0
• Mask: 255.255.255.0
• Gateway: 192.168.2.254

This is needed because for all your other devices on a network, packets which are not addressed to the local network are sent to the default gateway (your NAT router). When the destination is the remote end of the VPN, your router needs to know that it must send this to SME and not to your ISP. The procedure for adding route can change from one router to an other, but is usually straight forward.

Title: Re: Openvpn s2s on sever only install
Post by: gavan_white on August 16, 2016, 11:46:14 AM

That is excellent, thanks.  :-P
That solves my problem completely. Great help.

Title: Re: Openvpn s2s on sever only install
Post by: ReetP on August 18, 2016, 09:15:41 PM

Can you change the topic and add Solved please ?

Thanks

Title: Re: [Solved] Openvpn s2s on sever only install
Post by: Stefano on August 18, 2016, 09:39:39 PM

done