Hi all, I’m trying to get a grasp of whether what I want to do is possible, and if so, what this type of setup is called, because Google is failing me in my search.
I have two sites I want to link together via VPN so remote site B’s workstations can connect to the file server and printer at site A.
The issue is that both sites are already established and messing with the existing network is going to be riddled with issues because there are multiple devices already connected to the cable modem router which isn’t in bridge mode.
So I’m hoping I can still connect both sites without having to put the ISP wifi router & gateway into bridge mode and use a 2nd VPN capable network device to connect both sites through the ISP modem/gateway but still allow the file and print sharing over the VPN.
If such a thing isn’t possible please let me know. If it is then I would prefer this setup over rebuilding the network at both sites by putting the ISP modems to gateway mode and buying new routing hardware. Thanks.
Shouldn’t have to mess with the routers beyond some port forwarding. Take a look at this guide: How To Set Up an OpenVPN Server on Ubuntu 18.04 | DigitalOcean
Once you set this up you should be able to specify the remote IP and connect to the other site through the VPN.
Keep in mind both sites can’t use the same IP network. When they both use 192.168.0.0/24 or so you have to renumber one side.
If your ISP’s router cannot be a VPN server or client I’d say get some Raspis and let them be a VPN gateway. To use them you have to be able to configure routing table entries on your ISP’s routers. Afterwards you add routes on each side for the other side and set the gateway to the Raspberry Pi.
https://community.openvpn.net/openvpn/wiki/RoutedLans
I hope this helps, it has helped many people route LANs over OpenVPN.
Are both sites using a combo modem/router?
What type of hardware/software are you planning to use? Raspberry Pi with OpenVPN? rPi with IPsec? Some Cisco device with IPsec?
So I decided to ditch the tp-link routers because they couldn’t do what I wanted and instead I’m just going with OpenVPN as a server/client setup which does exactly what I wanted the tp-link routers to do.
Thanks, if Raspberry Pis will work that’s great, I have a few of these. Is VPN gateway the keyword I’m looking for?
Both sites have Comcast business cable modems with wifi. I think they’re both Motorola branded as Xfinity routers. I know both sites have to have separate IP ranges, Comcast routers use 10.1.10.1 so I was going to keep the main site as that and switch the remote site to 10.2.10.1. My plan was to use a tplink r600vpn which does have IPsec. Would that work?
I’m not sure if it’s the right term. But since it does VPN and is a gateway I think the name checks out.
Config for example:
Site A network: 192.168.0.0/24
Gateway IP site A: 192.168.0.1
Raspi IP site A: 192.168.0.2
Site B network: 192.168.1.0/24
Gateway IP site B: 192.168.1.1
Raspi IP site B: 192.168.1.2
You need to configure the following routing entries:
Routes on gateway site A: 192.168.1.0/24 via 192.168.0.2
Routes on gateway site B: 192.168.0.0/24 via 192.168.1.1
IPv4 forwarding on both Raspberries has to be turned on. With that config you don’t need to add routes on clients and nobody knows that there is a VPN.
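As an added example (not part of the original post), here is a small Python check for a routed site-to-site plan like the one above: it verifies that the two LANs do not overlap and that each router's static route points at the local VPN gateway. The function name, dictionary keys and both sample plans are constructed for illustration; the first plan assumes each route's next hop is that site's Raspberry Pi.

```python
import ipaddress

def check_plan(sites):
    """Return a list of problems in a two-site routed-VPN plan.

    Each site dict uses hypothetical keys: name, lan, router, vpn_gw and
    route = (destination network, next hop) as configured on the router.
    """
    problems = []
    nets = [ipaddress.ip_network(s["lan"]) for s in sites]
    if nets[0].overlaps(nets[1]):
        problems.append(f"LANs overlap: {nets[0]} and {nets[1]}; renumber one side")
    for site, local, remote in zip(sites, nets, reversed(nets)):
        name = site["name"]
        router = ipaddress.ip_address(site["router"])
        vpn_gw = ipaddress.ip_address(site["vpn_gw"])
        dest = ipaddress.ip_network(site["route"][0])
        hop = ipaddress.ip_address(site["route"][1])
        for label, addr in (("router", router), ("VPN gateway", vpn_gw)):
            if addr not in local:
                problems.append(f"{name}: {label} {addr} is outside {local}")
        if dest != remote:
            problems.append(f"{name}: route targets {dest}, remote LAN is {remote}")
        if hop not in local:
            # A next hop must be directly reachable on the router's own LAN.
            problems.append(f"{name}: next hop {hop} is not on-link in {local}")
        elif hop == router:
            problems.append(f"{name}: next hop {hop} is the router itself")
        elif hop != vpn_gw:
            problems.append(f"{name}: next hop {hop} is not the VPN gateway {vpn_gw}")
    return problems

# Constructed plan using the addressing from the example config above.
ROUTED_PLAN = [
    {"name": "site A", "lan": "192.168.0.0/24", "router": "192.168.0.1",
     "vpn_gw": "192.168.0.2", "route": ("192.168.1.0/24", "192.168.0.2")},
    {"name": "site B", "lan": "192.168.1.0/24", "router": "192.168.1.1",
     "vpn_gw": "192.168.1.2", "route": ("192.168.0.0/24", "192.168.1.2")},
]

# Constructed failing plan: both sites left on one range (a /24 is assumed)
# and site B's route handed back to its own router.
SAME_RANGE_PLAN = [
    {"name": "site A", "lan": "10.1.10.0/24", "router": "10.1.10.1",
     "vpn_gw": "10.1.10.2", "route": ("10.1.10.0/24", "10.1.10.2")},
    {"name": "site B", "lan": "10.1.10.0/24", "router": "10.1.10.1",
     "vpn_gw": "10.1.10.2", "route": ("10.1.10.0/24", "10.1.10.1")},
]

if __name__ == "__main__":
    for plan in (ROUTED_PLAN, SAME_RANGE_PLAN):
        print(check_plan(plan) or "plan is consistent")
```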
Yeah that should be okay.
You’ll need to use NAT-Traversal, and you’ll need to forward UDP ports 500 and 4500 to the tplink device on both sides.
On both sides, you’ll also then need to put in a static route for the other side’s IP range, with the tplink as the gateway.
That should be about it (obviously aside from actually configuring the IPsec connection.)
Old post, but no, I ended up going with Firewalla brand firewalls to set up the site to site VPN. They make a series of firewall/routers and we have Firewalla Golds set up on each site and they work fantastically. Firewalla.com is their site, they have a cell phone app and a web site for setting up and monitoring things remotely.