Vpn Site-To-Site Setup - Novell OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 9.3 - INSTALLATION AND ADMINISTRATION GUIDE 10-2007 Administration Manual

NOTE: Because traffic is routed through the server, be sure to enable IP Forwarding when
configuring the second NIC.

14.4.2 VPN Site-to-Site Setup

To set up a site-to-site VPN between two NOWS SBE servers, create two client-to-server VPNs
between the servers, one in each direction.
1 Synchronize the time between the two servers by using ntpdate.
2 In the NOWS SBE Web administration tool, install Firewall (IPTables) and VPN Server
(OpenVPN) on both Server A and Server B.
2a For Server A, replace auto in the Virtual IP Address Network field with a distinct
segment address, such as 172.16.150.0.
2b For Server B, replace auto in the Virtual IP Address Network field with a distinct
segment address, such as 172.16.151.0.
2c Replace auto in the VPN Network Mask field with the appropriate mask, such as
255.255.255.0.
2d Verify that Allow VPN Clients Access to Internal Network is selected.
3 From Server A's Web administration tool, create a client key for Server B to use.
3a Go to Products and Service > VPN Server (OpenVPN) > Administrative Console > Open
VPN Key Management.
3b Specify a unique name and select Generate.
Using the name of Server B helps maintain organization.
3c Select Windows Client and Configuration to download and save the Windows client .zip
file. The filename is based on the unique name selected.
4 Copy the client .zip file to /etc/openvpn on Server B.
5 Extract the client .zip file into the /etc/openvpn folder using the command unzip
unique_name_client.zip. If desired, delete the Windows install files.
6 Rename (mv) or copy (cp) the unique_name.ovpn file to client.conf.
7 Using a text editor, such as vi, open the server.conf file and comment out the second to
the last line with a # symbol. This prevents the VPN from pushing the public route to the other
server and allows each server to access the public network directly.
8 Create a client key for Server A to use by repeating Step 3 from Server B's Web administration
tool.
9 Finalize Server A's configuration by repeating Step 4 through Step 7 on Server A. When
complete, each server should have a server.conf and a client.conf file in the /etc/openvpn/
directory.
10 Restart OpenVPN on each server by using /etc/init.d/openvpn restart.
You should now have a functioning two-way VPN tunnel. Each server should push its private
routes to the other.
11 Test the connection by pinging a host on Network A from Server B, and a host on Network B
from Server A.
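
The shell functions below are an added example, not part of the Novell manual. They apply Step 7 idempotently and verify the end state described in Step 9 before OpenVPN is restarted. The function names and the sample file contents are constructed for illustration, including the assumption that the second-to-last line of server.conf is a redirect-gateway push.

```shell
#!/bin/sh
# Added example, not from the manual. Function names are hypothetical.

# Print the second-to-last line of a file (nothing if it has fewer than 2 lines).
second_to_last() {
    awk '{ prev = last; last = $0 } END { if (NR >= 2) print prev }' "$1"
}

# Step 7: comment out the second-to-last line with '#'. Idempotent;
# FILE.bak is written only when the file is actually changed.
comment_second_to_last() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    total=$(awk 'END { print NR }' "$file")
    [ "$total" -ge 2 ] || { echo "fewer than 2 lines: $file" >&2; return 1; }
    case $(second_to_last "$file") in '#'*) return 0 ;; esac
    cp -p "$file" "$file.bak" || return 1
    awk -v t="$((total - 1))" 'NR == t { print "#" $0; next } { print }' \
        "$file.bak" > "$file"
}

# Step 9: both files exist and step 7 has been applied to server.conf.
check_site_to_site() {
    dir=${1:-/etc/openvpn}
    rc=0
    for f in server.conf client.conf; do
        [ -s "$dir/$f" ] || { echo "FAIL: $dir/$f missing or empty"; rc=1; }
    done
    [ -f "$dir/server.conf" ] || return 1
    case $(second_to_last "$dir/server.conf") in
        '#'*) ;;
        *) echo "FAIL: second-to-last line of server.conf is not commented"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Demo on constructed files; the server.conf NOWS SBE generates may differ.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'port 1194' 'dev tun' 'server 172.16.150.0 255.255.255.0' \
        'push "redirect-gateway"' 'verb 3' > "$d/server.conf"
    printf '%s\n' 'client' 'dev tun' > "$d/client.conf"
    check_site_to_site "$d" || echo "(expected: step 7 not yet applied)"
    comment_second_to_last "$d/server.conf" && check_site_to_site "$d"
    rm -rf "$d"
}
demo
```

On each server, source the functions and run check_site_to_site /etc/openvpn after Step 9; a FAIL line means the tunnel would still push the public route or is missing one of its two configurations.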
