OpenVPN site-to-site


This is a general reference for creating an OpenVPN site-to-site/point-to-point setup. Adapt it as needed with firewall rules and for the platform you're running on. This is one of the easiest ways to do it, as it uses a static key configuration.

-----------------------------------------------------
| Generate a security key and copy it to both sites |
-----------------------------------------------------
# openvpn --genkey --secret /etc/openvpn/vpn.key

--------------------------------------------------
| Enable gateway functionality and subnet access |
--------------------------------------------------
# echo 1 > /proc/sys/net/ipv4/ip_forward

----------
| Site-A |
----------
Router/Gateway: 192.168.1.1
WAN-Address: site-a.mydomain.com

--------------------------------
| OpenVPN Configuration Site-A |
--------------------------------
# remote is the WAN address of the peer (Site-B)
remote site-b.mydomain.com 8001
port 8001
dev tun
ifconfig 10.0.0.1 10.0.0.2
persist-tun
persist-key
cipher AES-256-CBC
comp-lzo
secret /etc/openvpn/vpn.key
route 192.168.2.0 255.255.255.0
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1

----------
| Site-B |
----------
Router/Gateway: 192.168.2.1
WAN-Address: site-b.mydomain.com

--------------------------------
| OpenVPN Configuration Site-B |
--------------------------------
# remote is the WAN address of the peer (Site-A)
remote site-a.mydomain.com 8001
port 8001
dev tun
ifconfig 10.0.0.2 10.0.0.1
persist-tun
persist-key
cipher AES-256-CBC
comp-lzo
secret /etc/openvpn/vpn.key
route 192.168.1.0 255.255.255.0
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1

NOTES:
- Drop user, group if using Windows.
- Drop "remote" if acting as a server, but both can be clients and servers for each other.
- Can drop route and gateway (ip_forward) if an endpoint-to-endpoint connection is enough.
- Official point-to-point quick reference starting point PDF.
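
The two configs above are written by hand and have to mirror each other, so a quick consistency check before restarting the tunnel catches most mistakes. The following is an added example, not part of the original post: the config text is constructed from the values on this page (trimmed to the directives that are checked), and `parse`, `check_pair`, `WAN` and `LAN` are names invented for the example.

```python
import ipaddress

# Constructed sample data: the two site configs from this page, trimmed.
WAN = ("site-a.mydomain.com", "site-b.mydomain.com")
LAN = ("192.168.1.0/24", "192.168.2.0/24")
TEMPLATE = """\
remote {wan} 8001
port 8001
dev tun
ifconfig {me} {peer}
cipher AES-256-CBC
comp-lzo
route {lan} 255.255.255.0
"""
SITE_A = TEMPLATE.format(wan=WAN[1], me="10.0.0.1", peer="10.0.0.2", lan="192.168.2.0")
SITE_B = TEMPLATE.format(wan=WAN[0], me="10.0.0.2", peer="10.0.0.1", lan="192.168.1.0")

def parse(text):
    """Map each directive to its argument list, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split()
        if words and words[0][0] not in "#;":
            conf[words[0]] = words[1:]
    return conf

def check_pair(a_text, b_text, wan=WAN, lan=LAN):
    """Return a list of mismatches between the two peers (empty means consistent)."""
    a, b = parse(a_text), parse(b_text)
    problems = []
    # Cipher and compression must match; the page also keeps port and dev identical.
    for key in ("port", "dev", "cipher", "comp-lzo"):
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: {a.get(key)} vs {b.get(key)}")
    # Each side's "ifconfig local peer" pair must be the other's reversed.
    if a.get("ifconfig") != b.get("ifconfig", [])[::-1]:
        problems.append("ifconfig pairs are not mirrored")
    for i, (name, conf) in enumerate((("A", a), ("B", b))):
        # remote, when present, must name the peer and not this site.
        if conf.get("remote", [])[:1] == [wan[i]]:
            problems.append(f"site {name}: remote points at itself")
        # route must cover the LAN behind the peer.
        try:
            net = ipaddress.ip_network("/".join(conf.get("route", [])[:2]))
        except ValueError:
            net = None
        if net != ipaddress.ip_network(lan[1 - i]):
            problems.append(f"site {name}: route {net} is not peer LAN {lan[1 - i]}")
    return problems
```

Calling `check_pair(SITE_A, SITE_B)` returns an empty list when the files mirror each other; with real files, pass their contents read from disk instead of the constructed strings.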


Original Post: Jan 26th, '22 16:05 CET.
Updated: Jan 26th, '22 16:09 CET.
