Title: Connecting VPN Between Two Networks (DOM & COMPANY) with OpenVPN, NAT & Limited Public IP

  • #1 17081416
    Kosher76
    Level 11  
    Hello,

    1. Two LANs, both with Internet access

    a. one has a permanent public IP - "DOM"
    b. the other has, on the WAN side, a private, imposed IP address (no access to the edge router) - "COMPANY"

    2. Server (www, ftp etc.), behind NAT, in a network without public IP ("COMPANY" network)

    3. The edge router in the network with public IP has the option of setting up an OpenVPN (tomato) server. ("DOM" network)

    I attach a diagram (I drew it as best I could ;) )

    Questions:

    1. Am I able to access the server behind NAT in the "COMPANY" network by connecting to the public IP of the "DOM" network and redirecting traffic through the VPN tunnel on the "DOM" edge router's VPN server?

    2. What should the addressing of both LANs be, assuming that the private WAN IP in the "COMPANY" network is imposed? Of course I know that the WAN and LAN of "COMPANY" must be in different networks :)

    a. LAN "COMPANY" and "DOM" - the same
    b. LAN "COMPANY" and "DOM" - different

  • Helpful post
    #2 17081499
    xury
    Automation specialist
    For OpenVPN to work, you need to put an OpenVPN server on a router with a public IP.
    The OpenVPN client may be behind a firewall, behind NAT, etc.
    However, for access to both LANs to work, you need to properly set routing and firewall rules. I don't know Tomato. There is a good tutorial by Cezary for OpenWrt at eko.one.pl
  • Helpful post
    #3 17081720
    m.jastrzebski
    Network and Internet specialist
    It can be done. It is a question of configuration. Just be aware that you would have a permanent home-business connection. I mean the VPN would always be connected.

    In the company, there must be a VPN client on the private IP that connects to the server at home. But when you are at home, you cannot click connect. It must automatically keep trying to connect on its own.
    If you put the server on the router, every household member will also have access to the company, unless you arrange it on the firewall.
  • #4 17081765
    Kosher76
    Level 11  
    m.jastrzebski wrote:
    It can be done. It is a question of configuration. Just be aware that you would have a permanent home-business connection. I mean the VPN would always be connected.

    Is this permanent connection a problem? In what sense? In terms of continuous link load, a security problem, another problem?
    m.jastrzebski wrote:
    In the company, there must be a VPN client on the private IP that connects to the server at home. But when you are at home, you cannot click connect. It must automatically keep trying to connect on its own.

    My guess is that either the OpenVPN client itself or cron will do the trick?
    ---
    Assuming that in the "COMPANY" network

    WAN = 192.168.0.1/24
    LAN = 192.168.1.1/24

    then in the "DOM" network

    LAN = 192.168.1.1/24 or should it be different from this network, e.g. 192.168.2.1/24?
  • Helpful post
    #5 17081786
    m.jastrzebski
    Network and Internet specialist
    Kosher76 wrote:

    Is this permanent connection a problem? In what sense? In terms of continuous link load, a security problem, another problem?

    The network load is rather minimal. I wouldn't worry about that.
    Potentially security (unless you configure the firewall correctly); otherwise the computers at home and at the company will see each other - e.g. the boss / employee will see what dirty movies you share over DLNA ;-)

    Company's policy? I don't know what the company is.

    Addressing is to be agreed. A router, contrary to what most people think, is a contraption for connecting different networks with different addresses, so it should generally be fine. The question is what these routers are.
  • #6 17081870
    Kosher76
    Level 11  
    m.jastrzebski wrote:
    The question is what are these routers.


    The routers are simple home appliances. On the "DOM" side it is a Netgear R7000 with Tomato installed, and on the "COMPANY" side it is a TP-Link Archer C2.

    In fact, on both sides, it is only about making the Internet available to several clients, while the server is to be a host of virtual machines for learning how to use and configure.
  • #7 17088435
    Kosher76
    Level 11  
    Since I have a problem with configuring OpenVPN on the client side (Ubuntu 17.10 is Debian or Centos for now), I have a question whether to use TUN or TAP for my needs? In fact, at the current stage, the TAP + static key worked perfectly on Windows 10, unfortunately the same configuration on Ubuntu does not work.

    Apart from installing openvpn on Ubuntu, do I need to configure anything? (Pure client 17.10).

    What is the simplest configuration to start with so that it works?

    I configured everything using this tutorial: https://learntomato.com/how-to-setup-a-vpn-server-with-tomato-openvpn/
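
An added example, not part of any post in this thread: it checks the addressing options from posts #1 and #4 for a routed (TUN) tunnel and builds the kind of firewall restriction post #5 asks for, so that home hosts reach only the COMPANY server. The tunnel subnet, the server address 192.168.1.10, the ports and the interface names `br0`/`tun0` are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing quoted in post #4; the tunnel subnet is an assumption.
COMPANY_WAN = "192.168.0.1/24"
COMPANY_LAN = "192.168.1.1/24"
TUNNEL = "10.8.0.0/24"


def net(cidr):
    # ip_interface accepts host-style values such as 192.168.1.1/24
    return ipaddress.ip_interface(cidr).network


def plan_for(dom_lan):
    return {"company_wan": COMPANY_WAN, "company_lan": COMPANY_LAN,
            "dom_lan": dom_lan, "tunnel": TUNNEL}


def overlaps(plan):
    """Return name pairs whose subnets collide in a routed (TUN) setup."""
    return [(a, b) for a, b in combinations(sorted(plan), 2)
            if net(plan[a]).overlaps(net(plan[b]))]


def dom_firewall(plan, server_ip, tcp_ports, lan_if="br0", tun_if="tun0"):
    """Build FORWARD rules for the DOM router: home hosts reach only the
    COMPANY server on the listed ports; nothing else crosses the tunnel."""
    clashes = overlaps(plan)
    if clashes:
        raise ValueError(f"overlapping subnets: {clashes}")
    if ipaddress.ip_address(server_ip) not in net(plan["company_lan"]):
        raise ValueError("server is not inside the COMPANY LAN")
    rules = ["iptables -A FORWARD -m conntrack "
             "--ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for port in tcp_ports:
        rules.append(f"iptables -A FORWARD -i {lan_if} -o {tun_if} "
                     f"-d {server_ip} -p tcp --dport {port} -j ACCEPT")
    rules.append(f"iptables -A FORWARD -i {lan_if} -o {tun_if} -j DROP")
    rules.append(f"iptables -A FORWARD -i {tun_if} -o {lan_if} -j DROP")
    return rules


if __name__ == "__main__":
    # Option (a): same LAN on both sides is reported as a clash.
    print(overlaps(plan_for("192.168.1.1/24")))
    # Option (b): different LANs pass the check and yield the rule set.
    for rule in dom_firewall(plan_for("192.168.2.1/24"),
                             "192.168.1.10", [80, 443]):
        print(rule)
```

Rule order matters: rules appended after an existing broad ACCEPT in the FORWARD chain never match, so check the router's current chain before applying them. Traffic port-forwarded from the DOM public IP into the tunnel arrives on the WAN interface and needs its own rules.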

Topic summary

The discussion revolves around setting up a VPN connection between two networks, "DOM" with a public IP and "COMPANY" with a private IP behind NAT. The user seeks to access a server located in the "COMPANY" network through the "DOM" network's OpenVPN server. Key points include the necessity of proper routing and firewall configurations to facilitate access, the requirement for a VPN client on the "COMPANY" side to maintain a persistent connection, and considerations regarding network addressing. The user also inquires about the configuration of OpenVPN on Ubuntu, specifically whether to use TUN or TAP, and seeks guidance on the simplest setup for successful connectivity.
Summary generated by the language model.