OpenVPN LAN-to-LAN

Hello everyone, I need your help. I need to connect the head office with 3 branches via OpenVPN site-to-site on FreeBSD 13 or 14.
Details: I know how to do a client-side VPN but I've never done site-to-site.
Please, if anyone can help me, I'd be very grateful.
 
On the client you don't have to do anything special.
On the server I have this:
Code:
client-config-dir ccd
client-connect ccd/c.sh
script-security 2
ccd/c.sh
Code:
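#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# LAN behind the connecting client
RNET="10.1.2.0/24"
# common_name and ifconfig_remote are set in the environment by OpenVPN
if [ "$common_name" = "client-name-in-cert" ]
then
  # drop any stale route, then route the client LAN via the tunnel peer
  sudo /sbin/route delete "$RNET"
  sudo /sbin/route add "$RNET" "$ifconfig_remote"
fi
exit 0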
Create a file ccd/client-name-in-cert
Code:
iroute 10.1.2.0 255.255.255.0
push "route 10.1.1.0 255.255.255.0"
10.1.1.0 is the server LAN, 10.1.2.0 is the client LAN.
In /usr/local/etc/sudoers
Code:
openvpn ALL=(ALL) NOPASSWD:/sbin/route
Replace client-name-in-cert with the CN of the client in the certificate that you use for the connection.
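
The same client-connect hook extended to the three branches from the question, as an added example that is not part of the thread. It goes beyond the single-client case above: the CNs `branch1` to `branch3`, the subnets 10.1.3.0/24 and 10.1.4.0/24, and the `ROUTE` override are constructed assumptions. Each CN still needs its own ccd file with the matching `iroute` line.

```shell
#!/bin/sh
# Added example: one client-connect hook for several branch sites.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# Route command; overridable so the logic can be dry-run (ROUTE=echo).
ROUTE="${ROUTE:-sudo /sbin/route}"

# Map a certificate CN to the LAN behind that branch.
# CNs and the 10.1.3/10.1.4 subnets are constructed placeholders.
branch_net() {
    case "$1" in
        branch1) echo "10.1.2.0/24" ;;
        branch2) echo "10.1.3.0/24" ;;
        branch3) echo "10.1.4.0/24" ;;
        *) return 1 ;;   # not a site certificate
    esac
}

# Accept only a plain dotted-quad address as gateway.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
}

# install_route CN GATEWAY
# Returns 1 for an unknown CN, 2 for a malformed gateway.
install_route() {
    net=$(branch_net "$1") || return 1
    valid_ipv4 "$2" || return 2
    $ROUTE delete "$net" >/dev/null 2>&1 || true   # clear a stale route
    $ROUTE add "$net" "$2"
}

# OpenVPN exports common_name and ifconfig_remote to the hook.
if [ -n "${common_name:-}" ]; then
    install_route "$common_name" "${ifconfig_remote:-}" || true
fi
```

Because the CN is matched against a fixed list, a certificate that is not one of the site CNs never changes the server's routing table.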