I have two sites, A and B, as shown in the diagram below:
+-+------------------------------------------------------------------+
| | |OTHER DEVICES |
| | |:-) SITE A: 128.66.32.0/24 | |
| | +-------+ PUBLIC DNS: SITEA.EXAMPLE.ORG |
| | | | PORT FORWARDING CUSTOMIZABLE |
| | | | DYNAMIC IP / DDNS |
| +------------+ | |
| | |
| +---------------+----+-------------------+---------+-------------+ |
| | | | |
| RASPBERRY PI | PRINTER | | ROUTER/GW |
| 128.66.32.18 | 128.66.32.3 | | 128.66.32.1|
| +------------+ | +----------+ | | +----------+
| | | | | | | | | |
| | | | | | | | | |
| | +--+ | +----+ +----+ |
| | | | | | |
+-+------------+-----------+----------+-------------------+----------+
+-----------------------------+-------------+------------+----------+
| SITE B: 128.66.55.0/24 | | | |
| NO DNS | | | |
| FIREWALLED BY ISP +-----+ | +---+ |
| DYNAMIC IP | +-------------+ | | |
| PUBLIC IP 10.0.0.0/8 | LAPTOP | | |
| | DHCP | +----------+
| | | ROUTER/GW |
| | | 128.66.55.1|
| | | |
| ++-------------------+-------------------+--------+-----------+ |
| | | |
| | | |
| | NAS | RASPBERRY PI |
| | 128.66.55.23 | 128.66.55.18 |
| | +-------------+ | +-----------+ |
| | | | | | | |
| +--+ | +------+ | |
| | | | | |
+------+-------------+-----------------------------+-----------+----+
What I basically want is to connect the two sites as peers. A VPN can allow me to access any host within A while being in B.
In theory, a VPN link established between A and B should allow any device in A to type ping 128.66.55.x and see data.
Since I have two spare Raspberry Pi machines I want to unleash them and establish a permanent and transparent VPN link, so anybody will get a zero-configuration link between the two sites.
As you have seen, one of the sites is not addressable: it can work only as a client because the ISP provides a private IP address shared among several customers.
Homework I did
I have examined the OpenVPN documentation and got an idea of how to configure the Pis, one as server and one as client. Then, while I wait to travel to A to deploy the Raspberry server and port-forward it, I have other doubts. I will be ready to leave an SSH channel open to administer the Raspberry while I'm out.
Pending questions:
I am a bit rusty about networking, as I attended classes many years ago.
- Can OpenVPN be used for peering two sites in a VPN? Or am I following the wrong path?
- I know I need to have a routing rule between eth0 and tun adapters on both devices. Does OpenVPN do it for me or do I need to use iptables?
- In order to make the VPN transparent, I don't remember if I have to set a static route on the main gateways (e.g. route 128.66.55.0/24 via 128.66.32.18) or the Raspberries should broadcast the route within their eth0 network. Which of the two?
Basically I need to remotely print, access the NAS and so on.
Here is how I do it on my RPi Linux server, it isn't exactly what you want, but it might help you or others: My 404 page pings my other servers, and if it finds the failed directory, it redirects to that (and creates a fake directory with PHP redirection, so it only pings once if it exists). This is a bad approach, but it works, and it is just intranet of our home network. – Ave – 2016-02-18T00:01:09.507
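The routed site-to-site layout the question describes, written out as an added example; it is not part of the original post and is not taken from the OpenVPN project's own samples. It uses the addresses from the diagram. Assumptions: UDP port 1194, the tunnel subnet 172.16.99.0/24 (picked to stay outside the 10.0.0.0/8 range shown for site B's ISP), the client certificate common name `siteb`, all file names and paths, and OpenVPN 2.4 or later for `tls-crypt`.

```conf
# --- Pi at site A (128.66.32.18): /etc/openvpn/server.conf (assumed path) ---
port 1194                    # assumed port; forward UDP 1194 on router A to this Pi
proto udp
dev tun
topology subnet
server 172.16.99.0 255.255.255.0         # assumed tunnel subnet, outside 10.0.0.0/8
ca ca.crt                    # assumed file names for the PKI material
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key             # packets without the shared key are dropped early
client-config-dir ccd
route 128.66.55.0 255.255.255.0          # kernel route: site B LAN goes into tun
push "route 128.66.32.0 255.255.255.0"   # tells the client how to reach site A LAN
keepalive 10 120
persist-key
persist-tun

# --- Pi at site A: /etc/openvpn/ccd/siteb (file name = client cert common name) ---
iroute 128.66.55.0 255.255.255.0         # OpenVPN-internal route to that client

# --- Pi at site B (128.66.55.18): /etc/openvpn/client.conf (assumed path) ---
client
dev tun
proto udp
remote sitea.example.org 1194
resolv-retry infinite        # keep resolving the DDNS name after address changes
nobind
ca ca.crt
cert siteb.crt
key siteb.key
tls-crypt ta.key
remote-cert-tls server       # reject peers that do not present a server certificate
persist-key
persist-tun

# --- Both Pis: /etc/sysctl.conf (OpenVPN does not enable forwarding itself) ---
net.ipv4.ip_forward=1

# --- Static routes on the main gateways (entered in each router's own UI) ---
# Router A (128.66.32.1): 128.66.55.0/24 via 128.66.32.18
# Router B (128.66.55.1): 128.66.32.0/24 via 128.66.55.18
```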