Hi,

Zesen Qian wrote:
> Hello Bonno,
> Thanks for your help! Now I've set up a working site-to-site config and
> I can ping from one site to another site. There is still a small problem,
> though.
> Since it's a site-to-site config, I don't really need any IP address on
> either end of the tunnel. That is, I don't assign any IP address on
> server or client. I don't know if it's a bug or feature, but then I have
> to manually turn on the interface by "ip link set tun0 up" on both client
> and server. After that the server can receive packets that are intended for the
> subnet on the server side.
> However, the server seems not to be forwarding the packet from tun0 to the LAN
> interface. I've already set 'sysctl net.conf.all.ip_forward=1'.
> Does anyone have any idea? Any comment is appreciated.
>
>   
this is explained in detail in my OpenVPN 2 cookbook :)

yes, it's possible to not set an IP address on the endpoints, but yes 
you will need to explicitly bring up the link yourself.
Also, when adding routes, make sure you explicitly specify the device using
  route add -net ... dev tun0
etc.
Finally, make sure that your firewall/iptables rules allow traffic 
forwarding.

HTH,

JJK

> Bonno Bloksma <b.blok...@tio.nl> writes:
>
>   
>> Hi,
>>
>> I use a server/client environment to have OpenVPN connect my 5 sites. Simply 
>> set it up as if you would for 1 client.
>> Then make sure you set up routing correctly. Most of that is done
>> using the iroute statement, best is to use 1 config file per client in
>> a ccd directory.
>> Remember, routing consists of 2 parts with openvpn. The OS needs to
>> know to send packets to the Openvpn interface, OpenVPN needs to know
>> which client has which network behind it. Using iroute will let OpenVPN
>> set it up for you for the most part.
>> Use a push-route in your server config to let the clients know what the 
>> network behind the server is.
>>
>> What platform will you use for this? Redhat, Debian, etc? Or a non Linux 
>> platform?
>>
>>
>> Kind regards,
>> Bonno Bloksma
>> senior system administrator
>>
>> tio
>> university of applied sciences 
>> begijnenhof 8-12 / 5611 el  eindhoven
>> t +31 (0)40-296 28 28
>> b.blok...@tio.nl / www.tio.nl
>>
>> Follow us on Twitter / Facebook / LinkedIn / YouTube
>>
>> -----Original message-----
>> From: Zesen Qian [mailto:openvpn-us...@riaqn.com] 
>> Sent: Friday 29 May 2015 16:59
>> To: openvpn-users@lists.sourceforge.net
>> Subject: [Openvpn-users] Site-to-Site configuration?
>>
>> Hello,
>> I've just switched from IPsec (strongswan) to OpenVPN, and I want to
>> configure a site-to-site setup. I googled for it but found nothing.
>> There are only tutorials for some GUI-based configuration, but I need
>> the 'openvpn.conf' example.
>> Thanks!
>>     
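
Added example, not part of the original thread: a small shell check for the two routing layers described above, reporting every `iroute` in a ccd file that has no matching `route` line in the server config (the line that puts the subnet into the OS routing table). The file layout, client names and subnets are constructed sample values, and `check_iroutes` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, client names and subnets below
# are constructed sample values.

# check_iroutes SERVER_CONF CCD_DIR
# Prints "client network netmask" for each ccd iroute that has no matching
# "route" line in the server config; returns 1 if any are found, else 0.
check_iroutes() {
    conf=$1 ccd=$2
    missing=$(
        for f in "$ccd"/*; do
            [ -f "$f" ] || continue
            awk -v client="$(basename "$f")" '
                # An omitted netmask defaults to a host route in OpenVPN.
                function mask(m) {
                    return (m == "" || m ~ /^[#;]/) ? "255.255.255.255" : m
                }
                # Pass 1 (server config): kernel routes OpenVPN will install.
                pass == 1 { if ($1 == "route") routes[$2 " " mask($3)] = 1; next }
                # Pass 2 (ccd file): internal routes claimed for this client.
                $1 == "iroute" {
                    key = $2 " " mask($3)
                    if (!(key in routes)) print client, key
                }
            ' pass=1 "$conf" pass=2 "$f"
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: siteA is routed on both layers, siteB only inside OpenVPN.
demo=$(mktemp -d)
mkdir "$demo/ccd"
cat > "$demo/server.conf" <<'EOF'
dev tun
client-config-dir ccd
push "route 192.168.1.0 255.255.255.0"
route 192.168.10.0 255.255.255.0
EOF
echo 'iroute 192.168.10.0 255.255.255.0' > "$demo/ccd/siteA"
echo 'iroute 192.168.20.0 255.255.255.0' > "$demo/ccd/siteB"
check_iroutes "$demo/server.conf" "$demo/ccd" || echo "fix the routes listed above"
rm -rf "$demo"
```

A clean result only covers the OpenVPN side; IP forwarding and the firewall's forwarding rules on the server still have to allow the traffic, as noted in the reply.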


