OpenVPN Site-to-Site Setup
This is a general reference for creating an OpenVPN site-to-site/point-to-point setup. Adapt it as needed for your firewall rules and the platform you're running on. This is one of the easiest ways, as it uses a static key configuration.
Generate a security key and copy it to both sites:

    # openvpn --genkey --secret /etc/openvpn/vpn.key

Enable gateway functionality and subnet access:

    # echo 1 > /proc/sys/net/ipv4/ip_forward

Site-A:
=======
Router/Gateway: 192.168.1.1
WAN-Address: site-a.mydomain.com

OpenVPN Configuration Site-A:

    # remote is the peer's WAN address (Site-B)
    remote site-b.mydomain.com 8001
    port 8001
    dev tun
    # ifconfig <local tunnel IP> <peer tunnel IP>
    ifconfig 10.0.0.1 10.0.0.2
    persist-tun
    persist-key
    cipher AES-256-CBC
    comp-lzo
    secret /etc/openvpn/vpn.key
    # LAN behind Site-B
    route 192.168.2.0 255.255.255.0
    user nobody
    group nogroup
    log-append /var/log/openvpn/vpn.log
    verb 1

Site-B:
=======
Router/Gateway: 192.168.2.1
WAN-Address: site-b.mydomain.com

Config Site-B:

    # remote is the peer's WAN address (Site-A)
    remote site-a.mydomain.com 8001
    port 8001
    dev tun
    # ifconfig <local tunnel IP> <peer tunnel IP>
    ifconfig 10.0.0.2 10.0.0.1
    persist-tun
    persist-key
    cipher AES-256-CBC
    comp-lzo
    secret /etc/openvpn/vpn.key
    # LAN behind Site-A
    route 192.168.1.0 255.255.255.0
    user nobody
    group nogroup
    log-append /var/log/openvpn/vpn.log
    verb 1

- Drop user and group if using Windows.
- Drop "remote" if acting as a server, but both can be clients and servers for each other.
- You can drop route and the gateway setting (ip_forward) if an endpoint-to-endpoint connection is enough.
- Official point-to-point quick reference starting point PDF.
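
As an added example (not part of the original page), the shell functions below check a static-key config pair like the one above for common mistakes: a `remote` that points at the site's own address, a `route` for the site's own LAN, `ifconfig` endpoints that are not mirrored, mismatched `port`/`cipher`/`comp-lzo`, and a key file readable by other users. The function names, the temporary sample files and the placeholder key are constructed for illustration.

```shell
# Added example (not from the original page): checks for a static-key pair.
# opt FILE KEY: print the first "KEY ..." line, whitespace-normalised.
opt() { awk -v k="$2" '$1 == k { $1 = $1; print; exit }' "$1"; }

# check_site CONF OWN_WAN OWN_LAN: returns the number of problems found.
check_site() {
    conf=$1 own_wan=$2 own_lan=$3 bad=0
    set -- $(opt "$conf" remote)    # $2 = peer host (empty if listen-only)
    [ "$2" != "$own_wan" ] ||
        { echo "$conf: remote is this site's own address"; bad=$((bad+1)); }
    set -- $(opt "$conf" route)     # $2 = network behind the peer
    [ "$2" != "$own_lan" ] ||
        { echo "$conf: route targets this site's own LAN"; bad=$((bad+1)); }
    set -- $(opt "$conf" secret)    # $2 = static key path
    # The key is the only credential: require owner-only mode (rw-------).
    [ "$(ls -ld "$2" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "$conf: key missing or readable by group/other"; bad=$((bad+1)); }
    return "$bad"
}

# check_pair A.conf B.conf: both ends must mirror each other.
check_pair() {
    a=$1 b=$2 bad=0
    set -- $(opt "$a" ifconfig); a_local=$2 a_peer=$3
    set -- $(opt "$b" ifconfig)
    [ "$a_local" = "$3" ] && [ "$a_peer" = "$2" ] ||
        { echo "ifconfig endpoints are not mirrored"; bad=$((bad+1)); }
    for k in port cipher comp-lzo; do
        [ "$(opt "$a" "$k")" = "$(opt "$b" "$k")" ] ||
            { echo "$k differs between sites"; bad=$((bad+1)); }
    done
    return "$bad"
}

# make_sample DIR: write a constructed config pair and a placeholder key.
make_sample() {
    ( umask 077; echo "constructed-placeholder-not-a-real-key" > "$1/vpn.key" )
    for s in "a site-b.mydomain.com 10.0.0.1 10.0.0.2 192.168.2.0" \
             "b site-a.mydomain.com 10.0.0.2 10.0.0.1 192.168.1.0"; do
        set -- "$1" $s    # $2 site, $3 peer host, $4/$5 tunnel IPs, $6 peer LAN
        printf 'remote %s 8001\nport 8001\nifconfig %s %s\ncipher AES-256-CBC\ncomp-lzo\nsecret %s\nroute %s 255.255.255.0\n' \
            "$3" "$4" "$5" "$1/vpn.key" "$6" > "$1/site-$2.conf"
    done
}

d=$(mktemp -d) && make_sample "$d"
check_site "$d/site-a.conf" site-a.mydomain.com 192.168.1.0 &&
    check_pair "$d/site-a.conf" "$d/site-b.conf" && echo "pair OK"
rm -rf "$d"
```

Run `check_site` on each gateway with that site's own WAN name and LAN network, and `check_pair` wherever both config files are available for review.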