1

I have three different locations (A, B, C) and one rented VPS (D). I want to create a virtual network so that all locations can reach each other. I've read up on VPN now but I've never set it up. As I understand it, OpenVPN is the recommended tool to use. I plan to use routers (Asus RT-AC66U to be precise) that support OpenVPN, on the three locations that I have access to (the VPS is rented so I don't control that network).

My questions are:

  1. How do I set this up? Do all routers act as servers and clients, or should I consider one of the locations the server, and the rest clients? I.e. do I need A->B, A->C, A->D, B->A, B->C (and so on..) or should I use one as server (A for example) and set it up as B->A, C->A, D->A.

  2. I only want to route the "local" traffic via VPN - the internet traffic doesn't need to pass through any other locations, because I fear that it would slow things down. Is this possible? If yes, do I have to configure this in all clients?

  3. Is Hamachi a viable alternative to my proposed solution, and would you consider it a better or worse solution?

  4. And lastly I have a question that might be difficult to answer. The VPS that is rented is only accessible to me via a VPN (pptp) that the provider has provided me with. Will it still be possible for that server to join this virtual network via OpenVPN?

Update: I want this to be a set-and-forget solution that is always up. Each location has approx 10+ clients (Windows computers, printers etc.) that need to be reachable from all locations. The routers are DHCP providers.

Adam Gerthel
  • My only concern is that you need to VPN to the VPS to access it... can you access the VPS publicly at all? What I mean is if you were to install OpenVPN server on the VPS and have all the client networks connect to that (to make a hub and spoke network) would you be able to connect to the server at all if none of it is publicly accessible (i.e. need the VPN to get to the VPS - I've never heard of this as most VPSs have some publicly accessible methods - such as a web server - or they're usually pretty well open and up to you to manage it all)... – Kinnectus Sep 05 '16 at 10:54
  • I just e-mailed the provider and I think that the VPN is just used when accessing the server via RDP (it's a managed server, that they are responsible for). Either way, I guess that if I installed an OpenVPN client on the server, and the server would connect to the network (location 'A'), then it would be accessible on that virtual network right? – Adam Gerthel Sep 05 '16 at 10:56
  • I would use the VPS as an OpenVPN server (the "hub") - you'll need to create three subnets for your "spoke" sites and you can then get the OpenVPN server to route between the subnets allowing the networks to communicate. – Kinnectus Sep 05 '16 at 11:05
  • @BigChris thanks, that does sound like the best option! – Adam Gerthel Sep 05 '16 at 11:42

2 Answers

1

After receiving comments and suggestions this is what I consider the answer to my question:

  1. Use one of the locations (preferably the VPS Server) as the OpenVPN server. Let the other locations be OpenVPN clients that connect to D. I.e. A->D, B->D, C->D. Use routing mode if you don't have specific broadcast needs (see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting).

  2. Yes, you will have to set it up on the clients. How to do it depends on the client OS etc. See OpenVPN: Only route a specific IP addresses through VPN? and similar.

  3. A worse solution since you want a set-and-forget solution. Hamachi is better for temporary networks or for clients that regularly change location.

  4. You should be able to connect to it as long as your VPN is allowed through their firewall.

Adam Gerthel
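
A routed hub-and-spoke layout like the one in this answer, written out as OpenVPN configuration. This is an added example, not part of the original post. The tunnel range 10.8.0.0/24, the site LANs 192.168.1.0/24 to 192.168.3.0/24, the certificate names `siteA`/`siteB`/`siteC`, the file names and `vpn.example.net` are all assumptions, and the three LANs must use distinct subnets for the routing to work.

```conf
# ---- VPS (D): server config (constructed example) ----
port 1194
proto udp
dev tun                          # routed mode, not bridged (dev tap)
topology subnet
server 10.8.0.0 255.255.255.0    # tunnel addresses (assumed range)
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0                # drop packets lacking the shared HMAC key
client-config-dir ccd            # per-site files, named by certificate CN
client-to-client                 # let spokes reach each other via the hub
# Routes on the hub itself towards each site LAN (assumed subnets)
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0
# Push only the site LANs. No "redirect-gateway" is pushed,
# so internet traffic keeps using each site's own uplink.
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
keepalive 10 120                 # detect dead tunnels and reconnect
persist-key
persist-tun

# ---- VPS (D): ccd/siteA (siteB and siteC analogous) ----
iroute 192.168.1.0 255.255.255.0 # this LAN lives behind client "siteA"

# ---- Router A: client config (B and C analogous) ----
client
dev tun
proto udp
remote vpn.example.net 1194      # placeholder for the VPS address
ca ca.crt
cert siteA.crt                   # CN must match the ccd file name
key siteA.key
tls-auth ta.key 1
remote-cert-tls server           # refuse peers without a server certificate
resolv-retry infinite            # keep retrying: set-and-forget
nobind
persist-key
persist-tun
```

Each site gets its own certificate so a single router can be revoked without re-keying the others, and each router must permit forwarding between its LAN and the tunnel interface for hosts behind it to be reachable.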
0

Hamachi is the easiest solution for what you need. Practically, you create the network at any of the locations, set a password, then join it from any other location.

Since the VPN will depend on the target locations for the client configuration, it will be over-difficult to do what you want. An all towards one area solution is possible (like B->A, C->A, D->A in your example) and in this case clients would get IP addresses from the same subnet, therefore being accessible between each other, but there is no reason to over-complicate things.

-Updated after comments- In that case... open a browser and access router settings. To set up the VPN server at one of the locations where you have such a router:

  1. Click "VPN Server" on the Advanced Settings menu on the left panel.

  2. On the "Enable PPTP Server" item, select "Enable".

  3. Select type of Broadcast Support.

  4. Select type of Force MPPE Encryption.

  5. Type a range of IP addresses for the VPN clients. Example: 192.168.10.2 to 192.168.10.12. Note that as a VPN server, the ASUS router can assign only a maximum number of ten IP addresses.

  6. Input a username and password for VPN clients. A maximum of ten usernames and passwords can be added.

  7. Apply and save everything and check your WAN address. That will be the address the rest of the clients will connect to.

  8. From the other locations add the necessary info to the VPN client tab. More specifically, Manually set-up VPN - No software. Copy and paste the server IP address that you previously saw to be the WAN address of the server.

That's all.

Overmind
  • I've only read up a tiny bit on Hamachi - but won't I have to run Hamachi on each client on each network? Or at least use some kind of Hamachi server/gateway? Each of my locations have at least 10 clients each, including printers etc. that the different locations need to be able to reach. Also - I was thinking to use 'routed' mode instead of 'bridged' mode (as seen in http://superuser.com/a/98174/482346) – Adam Gerthel Sep 05 '16 at 10:49
  • You will have to run a VPN client (like CISCO's or other free client) if you don't run hamachi so you might as well use this one. Either way, you still need something installed. I think hamachi was limited to 16 clients last time I checked but that can be extended as non-free option. – Overmind Sep 05 '16 at 10:53
  • But I have routers that support VPN already - doesn't that mean that clients wouldn't have to run any VPN software? – Adam Gerthel Sep 05 '16 at 10:54
  • Usually, the connection is made via client software. CISCO is currently testing a way to allow clients various services without the need of a client (directly from web page) but from my initial tests it's not a too reliable option. What type/model of router is providing your VPN? – Overmind Sep 05 '16 at 10:57
  • Asus RT-AC66U. But I think most routers that support DD-WRT or equivalent support VPN (server and client) – Adam Gerthel Sep 05 '16 at 11:23
  • Now it's clear, I have updated the answer accordingly. – Overmind Sep 06 '16 at 07:49
  • Thank you for the update. It describes how to set up a VPN on my router yes, but doesn't answer my four questions. I've added an answer myself - from the help of both yours and other comments. – Adam Gerthel Sep 06 '16 at 09:02
  • Now all is centralized. You just need to go and test. Good luck and tell us of the results. – Overmind Sep 07 '16 at 10:53