Is it possible to create an OpenVPN tunnel for two-way traffic? In my case, the USA office needs to connect to Canada to access the ERP, and the Canadian office needs access to the USA to access their ERP. The ERP systems are not the same. Both offices have Untangle for the firewall.
Creating VPN tunnel for two way traffic
-
They are all two-way tunnels (request and respond). Depending if NAT is on with OpenVPN. With NAT on, you will need routing rules.
-
Point of clarity: all split-tunnel VPN connections are two-way, meaning that each end is able to communicate with the other end. Full-tunnel is one-way by definition, sending all traffic from Site A through to Site B, but not vice versa.
A common gotcha with VPN connections is failing to ensure you've got routes on each side. The Exported Networks tab in OpenVPN > Server determines which routes are created to that server. For example, if your US NG Firewall is the server end and is exporting 10.0.0.0/24, that means it is providing a route to the Canadian end (the client) saying 'whenever traffic is destined for 10.0.0.0/24, send it across the tunnel'.
When you create the remote client config file, you're asked for Remote Network(s): that is the subnet(s) at the client's end, which needs to be routable-to by the server end. Continuing the above example, say your Canadian side uses the subnet 172.16.0.0/24. You'd configure that as the Remote Networks attribute, which instructs the server 'traffic destined to 172.16.0.0/24 goes across this tunnel'.
Græme Ravenscroft • Technical Marketing Engineer
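A small pre-deployment check for the "routes on each side" gotcha described in the reply above, added here as an illustration; it is not part of the original thread or of Untangle's software. The function names and the two ERP host addresses are assumptions, and NAT across the tunnel is assumed to be off.

```python
import ipaddress

def tunnel_routes(exported, remote_networks):
    """Tunnel routes held by each end, as the reply describes them:
    the client learns the server's Exported Networks, and the server
    learns the client's Remote Networks."""
    return {
        "client": [ipaddress.ip_network(n) for n in exported],
        "server": [ipaddress.ip_network(n) for n in remote_networks],
    }

def covered(host, networks):
    """True if any tunnel route in `networks` contains `host`."""
    return any(ipaddress.ip_address(host) in n for n in networks)

def check_flow(routes, server_side_host, client_side_host):
    """List what is missing for traffic between one host at each site.
    Both directions are needed: a request with no return route fails."""
    problems = []
    if not covered(server_side_host, routes["client"]):
        problems.append(f"client end has no tunnel route to "
                        f"{server_side_host}: add it to Exported Networks")
    if not covered(client_side_host, routes["server"]):
        problems.append(f"server end has no tunnel route to "
                        f"{client_side_host}: add it to Remote Networks")
    return problems

def overlapping(routes):
    """Subnets present at both ends cannot be routed unambiguously."""
    return [(str(a), str(b)) for a in routes["client"]
            for b in routes["server"] if a.overlaps(b)]

if __name__ == "__main__":
    # Constructed sample hosts: US ERP and Canadian ERP.
    us_erp, ca_erp = "10.0.0.10", "172.16.0.20"
    cases = {
        "both sides configured": (["10.0.0.0/24"], ["172.16.0.0/24"]),
        "Remote Networks left empty": (["10.0.0.0/24"], []),
    }
    for name, (exported, remote) in cases.items():
        routes = tunnel_routes(exported, remote)
        print(name, "->", check_flow(routes, us_erp, ca_erp) or "ok")
    same_lan = tunnel_routes(["192.168.1.0/24"], ["192.168.1.0/24"])
    print("overlap ->", overlapping(same_lan))
```
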