Remote Access Operation - Brocade Communications Systems 5600 Reference Manual


FIGURE 1 Site-to-site operation
At each of the two VPN tunnel endpoints, the OpenVPN process creates a routable "tunnel interface"
and establishes a secure tunnel with the other endpoint. Subsequently, the two interfaces appear to be
on the same network, although packets flowing between these two interfaces are actually processed
and sent through the secure tunnel by the OpenVPN process.
Note that each endpoint has two relevant IP addresses.
• The tunnel IP address: This address is the virtual IP address (VIP) on each end of the tunnel. The
tunnel IP address at each end of the tunnel must be on the same subnet. In the previous figure, the
tunnel IP addresses of the two endpoints are 192.168.200.1 and 192.168.200.2.
• The physical IP address: This address is the IP address that is configured for the physical network
interface over which the VPN tunnel is established. In the preceding figure, the physical IP addresses
of the two endpoints are 12.34.56.78 and 87.65.43.21.
In most operations, the VPN tunnel transports traffic from different private subnets across the wide area
network (WAN). In the preceding figure, each of the 192.168.100.0/24 and 192.168.101.0/24 private
subnets is "behind" a VPN tunnel endpoint. Therefore, on each endpoint, you must add a static route
that directs traffic to and from the remote private subnet through the tunnel interface.
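The two requirements above (tunnel IP addresses on the same subnet, and a static route to the remote private subnet through the tunnel interface) can be checked before a configuration is deployed. The following Python sketch is an added example, not part of the Brocade guide; the plan layout, the interface names vtun0 and eth0, and the /24 prefix for the tunnel subnet are assumptions.

```python
import ipaddress

def audit(plan, tunnel_net):
    """Check a two-endpoint site-to-site plan; return a list of findings."""
    tnet = ipaddress.ip_network(tunnel_net)
    a, b = plan  # exactly two endpoints expected
    lan = {n: ipaddress.ip_network(plan[n]["lan"]) for n in plan}
    tip = {n: ipaddress.ip_address(plan[n]["tunnel_ip"]) for n in plan}
    out = []
    # Both tunnel IP addresses must be distinct and on the same subnet.
    out += [f"{n}: tunnel IP {tip[n]} is outside {tnet}" for n in plan if tip[n] not in tnet]
    if tip[a] == tip[b]:
        out.append(f"both endpoints use tunnel IP {tip[a]}")
    # Each endpoint needs a static route to the peer's private subnet
    # whose outgoing interface is the tunnel interface.
    for local, peer in ((a, b), (b, a)):
        routes = {ipaddress.ip_network(d): i for d, i in plan[local]["routes"].items()}
        covering = [d for d in routes if lan[peer].subnet_of(d)]
        if not covering:
            out.append(f"{local}: no static route for {lan[peer]}")
            continue
        best = max(covering, key=lambda d: d.prefixlen)  # longest-prefix match
        if routes[best] != plan[local]["tunnel_if"]:
            out.append(f"{local}: {lan[peer]} routed via {routes[best]}, "
                       f"not {plan[local]['tunnel_if']}")
    return out

# Constructed plans using the addresses from the site-to-site figure.
GOOD = {
    "A": {"tunnel_ip": "192.168.200.1", "tunnel_if": "vtun0",
          "lan": "192.168.100.0/24", "routes": {"192.168.101.0/24": "vtun0"}},
    "B": {"tunnel_ip": "192.168.200.2", "tunnel_if": "vtun0",
          "lan": "192.168.101.0/24", "routes": {"192.168.100.0/24": "vtun0"}},
}
# Constructed faulty plan: A routes via the physical interface, B has a
# tunnel IP on a different subnet and no route to A's private subnet.
BAD = {
    "A": {"tunnel_ip": "192.168.200.1", "tunnel_if": "vtun0",
          "lan": "192.168.100.0/24", "routes": {"192.168.101.0/24": "eth0"}},
    "B": {"tunnel_ip": "192.168.201.2", "tunnel_if": "vtun0",
          "lan": "192.168.101.0/24", "routes": {}},
}

if __name__ == "__main__":
    for finding in audit(BAD, "192.168.200.0/24"):
        print(finding)
```

A route that points at the physical interface, or no route at all, means traffic for the remote private subnet is not handed to the OpenVPN process and therefore is not sent through the secure tunnel.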
In site-to-site mode, a single host can establish multiple OpenVPN tunnels, each of which may go to a
distinct site. Even if all tunnels originate from a single physical interface, each tunnel is represented by
a different tunnel interface IP address and operates independently.

Remote access operation

OpenVPN also supports remote access VPN, which uses a client-server mode. In this mode, one
OpenVPN endpoint acts as the server and all remote endpoints operate as clients, which connect to the
OpenVPN server to establish VPN tunnels, so that each connected client has an independent tunnel to
the server. The following figure shows a simple remote access VPN setup.
Brocade 5600 vRouter OpenVPN Reference Guide
53-1003719-03