OpenVPN and Site to Site Connection
Hi,
I encountered an issue allowing OpenVPN clients to access the branch.
The idea is to allow users to access the branch via OpenVPN that is connected to HQ.
My current config:
Site-to-Site VPN (IPsec): from HQ to Branch.
OpenVPN: from outside/client to HQ.
HQ: 175.139.x.x
Local IP: 192.168.1.0/24
Branch OCI: 168.138.x.x
Local IP: 10.2.0.0/16, 10.3.0.0/16, 10.4.0.0/19
OpenVPN: 192.168.10.0
But for a user who is using OpenVPN, the client is unable to ping/remote.
Not sure what is left to configure.
Thanks for posting in our business forum.
AmirulRahman wrote
Did all that was suggested but I am still unable to ping from client to branch.
Thanks btw.
Seems it must be something to do with the client.ovpn settings.
I added both local IPs: 192.168.1.0 and 192.168.10.0
The question is in your OVPN setup, Local Networks, do you have these subnets selected? That's why my setup guide recommends you use WireGuard. In OVPN server, you might not have the available networks. If these subnets are excluded in the Local Networks, you don't have the proper routings so you cannot access the branch subnets.
You might create the VLAN interfaces yourself to make them available to pick in the Local Networks, but I cannot recall whether this is effective or not. I remember I suggested this before but I am not sure about it anymore. Anyway, I'd prefer/recommend WG in this situation.
Hi @Clive_A
Actually, your guide is correct. After a few days of rest, I slowly looked back at all the configurations, including on the branch site.
I realized a few things about the branch site router.
1. I hadn't allowed my OpenVPN ports 1199 and 1194.
2. I hadn't allowed the local VPN IP (192.168.10.0/24).
On the client VPN, I wrongly put the IP address. You are supposed to add the branch subnets:
1. route 10.2.0.0 255.255.0.0
2. route 10.3.0.0 255.255.0.0
3. route 10.4.0.0 255.255.0.0
After that, everything worked like a charm.
Thanks again.
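The two checks that resolved this thread (the client profile must route the branch subnets, and the branch router must accept the VPN pool as a source) can be run against a profile before it is handed out. The Python below is an added example, not code from any poster or from TP-Link; the function names, the `branch_allowed_sources` list and the sample profile are constructed for illustration, with the subnets taken from the posts above.

```python
import ipaddress

# Constructed sample profile; the three route lines are those quoted in the thread.
CLIENT_OVPN = """\
client
dev tun
route 10.2.0.0 255.255.0.0
route 10.3.0.0 255.255.0.0
route 10.4.0.0 255.255.0.0
"""
BRANCH_SUBNETS = ["10.2.0.0/16", "10.3.0.0/16", "10.4.0.0/19"]  # from the thread
VPN_POOL = "192.168.10.0/24"                                    # from the thread


def parse_routes(ovpn_text):
    """Return networks from 'route <network> [netmask]' lines (literal IPv4 only)."""
    routes = []
    for line in ovpn_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] != "route":
            continue
        # OpenVPN treats a route without a netmask as a single host.
        mask = parts[2] if len(parts) > 2 else "255.255.255.255"
        try:
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        except ValueError:
            pass  # hostnames and keywords such as vpn_gateway are skipped
    return routes


def audit(ovpn_text, branch_subnets, vpn_pool, branch_allowed_sources):
    """branch_allowed_sources: hypothetical list of source networks the branch permits."""
    routes = parse_routes(ovpn_text)
    branch = [ipaddress.ip_network(s) for s in branch_subnets]
    pool = ipaddress.ip_network(vpn_pool)
    allowed = [ipaddress.ip_network(s) for s in branch_allowed_sources]
    return {
        # Branch subnets with no covering route: that traffic never enters the tunnel.
        "missing": [str(b) for b in branch if not any(b.subnet_of(r) for r in routes)],
        # Routes broader than the branch subnet they cover: more reach than required.
        "too_wide": [str(r) for r in routes
                     if r not in branch and any(b.subnet_of(r) for b in branch)],
        # Routes that overlap no branch subnet (for example the HQ LAN or the pool).
        "unrelated": [str(r) for r in routes if not any(r.overlaps(b) for b in branch)],
        # The branch side must accept the client pool as a source for replies to flow.
        "pool_allowed": any(pool.subnet_of(a) for a in allowed),
    }


if __name__ == "__main__":
    print(audit(CLIENT_OVPN, BRANCH_SUBNETS, VPN_POOL, ["192.168.1.0/24"]))
```

With the routes from the thread, every branch subnet is covered, and `too_wide` lists `10.4.0.0/16` because the branch subnet stated in the first post is `10.4.0.0/19`. A profile that routes only 192.168.1.0 and 192.168.10.0 reports all three branch subnets as `missing`.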
@Clive_A has this guide. This is for WireGuard but should also work with OpenVPN, I guess. Jump down to step 3.
https://community.tp-link.com/en/business/forum/topic/647042
Did all that was suggested but I am still unable to ping from client to branch.
Thanks btw.
Seems it must be something to do with the client.ovpn settings.
I added both local IPs: 192.168.1.0 and 192.168.10.0