Hi,

For a layer 2 connection use tap instead of tun. I use both, tun for my regular road warriors and tap for my backup internet vpn in case my layer 2 WAN connection goes down. When using tap be aware of the pitfalls of using a layer 2 WAN connection, like broadcasts etc. I use it on my small layer 2 router network where there are just a few router / devices.
Use different ports for the different simultaneous configurations. I use the default 1194 port for my road warriors and a different port for my WAN backup.

Bonno Bloksma

-----Original message-----
From: Zesen Qian [mailto:openvpn-us...@riaqn.com]
Sent: Tuesday 2 June 2015 3:29
To: Bonno Bloksma
CC: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Site-to-Site configuration?

Hello Bonno,

Thanks for your help! Now I've set up a working site-to-site config and I can ping from one site to another site.

There is still a small problem, though. Since it's a site-to-site config, I don't really need any IP address on either end of the tunnel. That is, I don't assign any IP address on server or client. I don't know if it's a bug or feature, but then I have to manually turn on the interface by "ip link set tun0 up" on both client and server. After that the server can receive packets that are intended for the subnet on the server side. However, the server does not seem to be forwarding the packet from tun0 to the LAN interface. I've already set 'sysctl net.conf.all.ip_forward=1'.

Does anyone have any idea? Any comment is appreciated.

Bonno Bloksma <b.blok...@tio.nl> writes:

> Hi,
>
> I use a server/client environment to have OpenVPN connect my 5 sites. Simply
> set it up as if you would for 1 client.
> Then make sure you set up routing correctly. Most of that is done
> using the iroute statement, best is to use 1 config file per client in
> a ccd directory.
> Remember, routing consists of 2 parts with openvpn. The OS needs to
> know to send packets to the Openvpn interface, OpenVPN needs to know
> which client has which network behind it. Using iroute will let OpenVPN
> set it up for you for the most part.
> Use a push-route in your server config to let the clients know what the
> network behind the server is.
>
> What platform will you use for this? Redhat, Debian, etc? Or a non Linux
> platform?
>
> Kind regards,
> Bonno Bloksma
> senior system administrator
>
> tio
> university of applied sciences
> begijnenhof 8-12 / 5611 el eindhoven
> t +31 (0)40-296 28 28
> b.blok...@tio.nl / www.tio.nl
>
> Follow us on Twitter / Facebook / LinkedIn / YouTube
>
> -----Original message-----
> From: Zesen Qian [mailto:openvpn-us...@riaqn.com]
> Sent: Friday 29 May 2015 16:59
> To: openvpn-users@lists.sourceforge.net
> Subject: [Openvpn-users] Site-to-Site configuration?
>
> Hello,
> I've just switched from IPsec (strongswan) to OpenVPN, and I want to
> configure a site-to-site setup. I googled for it but found nothing.
> There are only tutorials for some GUI based configuration, but I need
> the 'openvpn.conf' example.
> Thanks!

------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
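
The quoted reply describes routing as two halves: the OS must send a site's subnet into the tunnel (`route` in the server config) and OpenVPN must know which client owns that subnet (`iroute` in that client's ccd file). The script below is an added example, not part of the thread, that checks the two halves against each other; the subnets, client names and the `nets`/`check` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample: server config plus one ccd file per site (names and subnets made up).
SERVER_CONF = """\
port 1194
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "route 192.168.1.0 255.255.255.0"   # LAN behind the server
route 192.168.2.0 255.255.255.0          # OS: send site-b's LAN into the tunnel
"""
CCD = {
    "site-b": "iroute 192.168.2.0 255.255.255.0\n",
    "site-c": "iroute 192.168.3.0 255.255.255.0\n",  # server config has no route for this
}

def nets(text, directive):
    """Networks named by every `directive` line (e.g. "route", "iroute", "push route")."""
    want, found = directive.split(), set()
    for line in text.splitlines():
        tok = line.split("#", 1)[0].replace('"', " ").split()
        if tok[:len(want)] != want or len(tok) == len(want):
            continue
        args = tok[len(want):]
        mask = args[1] if len(args) > 1 else "255.255.255.255"  # OpenVPN's default netmask
        found.add(ipaddress.ip_network(f"{args[0]}/{mask}"))
    return found

def check(server_conf, ccd):
    """Return mismatches between the OS half (route) and the OpenVPN half (iroute)."""
    problems, claimed = [], {}
    kernel = nets(server_conf, "route")
    if not any(l.split()[:1] == ["client-config-dir"] for l in server_conf.splitlines()):
        problems.append("client-config-dir is not set, so ccd files are never read")
    for client in sorted(ccd):
        for net in sorted(nets(ccd[client], "iroute")):
            if net not in kernel:
                problems.append(f"{client}: iroute {net} has no matching route in the server config")
            if net in claimed:
                problems.append(f"{client}: iroute {net} is also claimed by {claimed[net]}")
            claimed[net] = client
    for net in sorted(kernel - set(claimed)):
        problems.append(f"route {net} is not claimed by any client's iroute")
    return problems

if __name__ == "__main__":
    for p in check(SERVER_CONF, CCD):
        print("WARN", p)
```

With the sample data the only finding is site-c, whose subnet OpenVPN would accept from the client while the server's kernel has no route sending return traffic into the tunnel.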