OpenVPN Gateway to Gateway Setup

We have a scenario where we want a "site to site" VPN connection between two gateways, using OpenVPN in static (pre-shared) key mode.

Our Scenario:

```
# Side-A
Router/GW        : 192.168.1.1
WAN-Addr         : site-a.sysadmins.co.za
Tunnel Interface : 10.0.0.1

# Side-B
Router/GW        : 192.168.2.1
WAN-Addr         : site-b.sysadmins.co.za
Tunnel Interface : 10.0.0.2
```

#### Side-A:

**Dependencies:**

```language-bash
# RHEL/CentOS ships the "nobody" user but no "nogroup" group; create it for
# the "group nogroup" directive in the config below (run both as root)
$ groupadd nogroup
$ yum install openvpn -y
```

**Firewall Configuration:**

```language-bash
# ppp0 is the WAN interface on this gateway; substitute your own
iptables -A INPUT -i ppp0 -p udp --dport 8001 -j ACCEPT
# allow the far tunnel endpoint to ping this gateway
iptables -A INPUT -p icmp -s 10.0.0.2 -j ACCEPT
# traffic arriving over the tunnel for the local LAN
iptables -A FORWARD -i tun0 -s 10.0.0.2 -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -i tun0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
```

These rules only cover traffic coming in over the tunnel. If the default policy of your FORWARD chain is DROP, you also need to allow the local LAN out through tun0 (or add an ESTABLISHED,RELATED conntrack rule), otherwise replies from 192.168.1.0/24 never reach Side-B.

**Enable IP Routing:**

```language-bash
echo 1 > /proc/sys/net/ipv4/ip_forward
```

This takes effect immediately but is lost at reboot; also set `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf` so forwarding survives a restart.

**Set Persistent Static Routes:**

```language-bash
cat > /etc/sysconfig/network-scripts/route-tun0 << EOF
192.168.2.0/24 via 10.0.0.2
EOF
```

Note that the `route` directive in the OpenVPN config below already installs this route whenever the tunnel comes up. The `route-tun0` file is only read when the network scripts bring tun0 up themselves, which they do not, since OpenVPN creates the interface; the `route` directive is what does the real work.
**OpenVPN Config Side-A:**

`/etc/openvpn/server.conf`

```
remote site-b.sysadmins.co.za
float
port 8001
dev tun
ifconfig 10.0.0.1 10.0.0.2
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.2.0 255.255.255.0
#chroot /tmp/openvpn
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
```

A few things to be aware of with this config. `comp-lzo` enables compression inside the tunnel; compressing attacker-influenced plaintext alongside secrets is what the VORACLE attack against OpenVPN exploits, and OpenVPN has since deprecated compression, so leave it out unless a legacy peer needs it. There is no `cipher` or `auth` directive, so OpenVPN falls back to its historical defaults (BF-CBC and SHA1); set both explicitly. `user nobody` drops privileges after start-up, but without `persist-key` a restart triggered by SIGUSR1 or a ping timeout cannot re-read the root-only key file, so add it. Finally, make sure `/var/log/openvpn/` exists before starting, or the daemon fails to open its log.

#### Side-B:

**Dependencies:**

```language-bash
$ groupadd nogroup
$ yum install openvpn -y
```

**Firewall Configuration:**

```language-bash
# ppp0 is the WAN interface on this gateway; substitute your own
iptables -A INPUT -i ppp0 -p udp --dport 8001 -j ACCEPT
# allow the far tunnel endpoint to ping this gateway
iptables -A INPUT -p icmp -s 10.0.0.1 -j ACCEPT
# traffic arriving over the tunnel for the local LAN
iptables -A FORWARD -i tun0 -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -i tun0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
```

As on Side-A, add a rule for the local LAN out through tun0 (or an ESTABLISHED,RELATED conntrack rule) if your FORWARD policy is DROP.
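The rules on both sides only permit traffic arriving over the tunnel and leave forwarding non-persistent. The script below is an added example, not part of the original page, that serves both the Side-A and Side-B firewall sections: it generates the complete rule set for either gateway, adding the return direction, a conntrack rule and a final drop for anything else from the tunnel, and makes `ip_forward` persistent. Addresses and port are the page's; the WAN interface name `ppp0`, the sysctl file path and the closing DROP rule are this example's assumptions and choices.

```bash
#!/bin/bash
# Added example (not from the original page): generate the complete tunnel
# firewall rule set for either gateway, including the return path and a
# conntrack rule that the page's one-way rules leave out, and make IP
# forwarding persistent. Addresses and port are the page's; the WAN
# interface name and the sysctl file are assumptions.

# Print the iptables commands for one gateway. Arguments:
#   1: WAN interface    2: UDP port         3: local tunnel IP
#   4: remote tunnel IP 5: local LAN CIDR   6: remote LAN CIDR
# Commands are printed rather than executed so they can be reviewed
# (and saved with iptables-save) before being applied.
site_rules() {
    local wan_if=$1 port=$2 tun_local=$3 tun_remote=$4 lan_local=$5 lan_remote=$6
    cat <<EOF
iptables -A INPUT -i ${wan_if} -p udp --dport ${port} -j ACCEPT
iptables -A INPUT -i tun0 -p icmp -s ${tun_remote} -d ${tun_local} -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun0 -s ${tun_remote} -d ${lan_local} -j ACCEPT
iptables -A FORWARD -i tun0 -s ${lan_remote} -d ${lan_local} -j ACCEPT
iptables -A FORWARD -o tun0 -s ${lan_local} -d ${lan_remote} -j ACCEPT
iptables -A FORWARD -i tun0 -j DROP
EOF
}

# Make net.ipv4.ip_forward = 1 persistent in a sysctl file (default
# /etc/sysctl.conf) and apply it at runtime when running as root.
# Idempotent: an existing ip_forward line is rewritten, not duplicated.
enable_forwarding() {
    local conf=${1:-/etc/sysctl.conf}
    [ -f "$conf" ] || : > "$conf"
    if grep -q '^net\.ipv4\.ip_forward' "$conf"; then
        sed -i 's/^net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' "$conf"
    else
        echo 'net.ipv4.ip_forward = 1' >> "$conf"
    fi
    if [ "$(id -u)" -eq 0 ]; then
        sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 \
            || echo "warning: could not enable forwarding at runtime" >&2
    fi
}

# Usage on Side-A (Side-B swaps the tunnel IPs and the LANs):
#   site_rules ppp0 8001 10.0.0.1 10.0.0.2 192.168.1.0/24 192.168.2.0/24 | sh
#   enable_forwarding
```

Because the conntrack rule accepts replies for any connection already allowed, the two explicit LAN-to-LAN rules are all that is needed for hosts on either side to initiate connections; the closing DROP makes the tunnel policy independent of whatever the chain's default policy happens to be.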

**Set Persistent Static Routes:**

```language-bash
cat > /etc/sysconfig/network-scripts/route-tun0 << EOF
192.168.1.0/24 via 10.0.0.1
EOF
```

The same caveat as on Side-A applies: the `route` directive in the OpenVPN config does the real work.

**OpenVPN Config Side-B:**

`/etc/openvpn/server.conf`

```
remote site-a.sysadmins.co.za
float
port 8001
dev tun
ifconfig 10.0.0.2 10.0.0.1
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.1.0 255.255.255.0
#chroot /tmp/openvpn
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
```

The same notes on `comp-lzo`, `cipher`/`auth`, `persist-key` and the log directory as for Side-A apply here.
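The Side-A and Side-B configs are mirror images and share the same weak spots: compression, default cipher and HMAC, and a privilege drop without `persist-key`. The script below is an added example, not the page's config or OpenVPN project code, that serves both config sections: it writes a hardened version of the peer config for either side and lints an existing config for those weak settings. Hostnames, tunnel addresses, port and key path are the page's; the choice of `AES-256-CBC`/`SHA256`, the per-direction key (`secret file 0` on one side, `1` on the other) and the lint rules are this example's.

```bash
#!/bin/bash
# Added example (not the page's own config): write a hardened version of the
# Side-A/Side-B static-key config and lint a config for weak settings.
# Hostnames, addresses, port and key path are the page's; cipher/auth choice,
# per-direction key and lint rules are this example's.

# Print a hardened peer config. Arguments: remote WAN hostname, local tunnel
# IP, remote tunnel IP, remote LAN network, key direction (0 on Side-A and
# 1 on Side-B, so each direction uses its own half of the static key).
hardened_conf() {
    local remote=$1 tun_local=$2 tun_remote=$3 remote_lan=$4 dir=$5
    cat <<EOF
remote ${remote}
float
port 8001
proto udp
dev tun
ifconfig ${tun_local} ${tun_remote}
route ${remote_lan} 255.255.255.0
secret /etc/openvpn/vpn.key ${dir}
# explicit cipher and HMAC instead of the historical BF-CBC / SHA1 defaults
cipher AES-256-CBC
auth SHA256
# no comp-lzo: compression inside the tunnel leaks plaintext (VORACLE)
keepalive 10 60
# persist-key lets a restart succeed after privileges were dropped to nobody
persist-key
persist-tun
persist-local-ip
persist-remote-ip
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 3
EOF
}

# Lint an existing config. Prints one line per finding and returns the
# number of findings, so 0 means clean.
lint_conf() {
    local f=$1 n=0
    if grep -Eq '^[[:space:]]*(comp-lzo|compress)' "$f"; then
        echo "$f: compression enabled; remove comp-lzo/compress"; n=$((n+1))
    fi
    if ! grep -Eq '^[[:space:]]*cipher[[:space:]]+[^[:space:]]' "$f"; then
        echo "$f: no cipher directive; OpenVPN's historical default is BF-CBC"; n=$((n+1))
    elif grep -Eq '^[[:space:]]*cipher[[:space:]]+(BF|DES|RC2|CAST)' "$f"; then
        echo "$f: 64-bit block cipher configured (SWEET32)"; n=$((n+1))
    fi
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+[^[:space:]]' "$f"; then
        echo "$f: no auth directive; OpenVPN's historical default HMAC is SHA1"; n=$((n+1))
    fi
    if grep -Eq '^[[:space:]]*user[[:space:]]+' "$f" \
        && ! grep -Eq '^[[:space:]]*persist-key' "$f"; then
        echo "$f: user drop without persist-key; a restart cannot re-read the root-only key"; n=$((n+1))
    fi
    return $n
}

# Usage on Side-A (Side-B: site-a.sysadmins.co.za 10.0.0.2 10.0.0.1 192.168.1.0 1):
#   hardened_conf site-b.sysadmins.co.za 10.0.0.1 10.0.0.2 192.168.2.0 0 > /etc/openvpn/server.conf
#   lint_conf /etc/openvpn/server.conf
```

Running `lint_conf` against the page's own Side-A config reports four findings (compression, no cipher, no auth, and `user nobody` without `persist-key`); the hardened output reports none. Both sides must agree on `cipher` and `auth`, and the key directions must be opposite, or the tunnel never comes up.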

**Enable IP Routing:**

```language-bash
echo 1 > /proc/sys/net/ipv4/ip_forward
```

As on Side-A, also set `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf` so this survives a reboot.

**Generate Security Key:**

Generate the static key once, on one side only, and copy it to the other host over SSH. Both gateways must hold the identical file; anyone who obtains it can decrypt and forge all tunnel traffic, so keep it root-owned and mode 0400 on both ends:

```language-bash
# on site-a:
$ openvpn --genkey --secret /etc/openvpn/vpn.key
$ chmod 0400 /etc/openvpn/vpn.key

$ scp /etc/openvpn/vpn.key root@site-b.sysadmins.co.za:/etc/openvpn/vpn.key
```
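After the copy it is worth confirming, on each gateway, that the key file is intact and correctly protected and that both sides really hold the same key. The script below is an added example, not from the original page: it checks the file mode, the V1 static-key framing and the key length, and fingerprints the key material alone so the value matches on both sides even if the comment header differs. The key path is the page's; the checks and the test key constructed in the usage are this example's.

```bash
#!/bin/bash
# Added example (not from the original page): sanity-check a static key file
# before trusting it and fingerprint it so both gateways can confirm they hold
# the same key. The key path is the page's; the checks are this example's.

# Return 0 if the file is a correctly protected OpenVPN V1 static key,
# otherwise print a reason and return non-zero. The daemon opens the key as
# root before dropping to nobody, so 0400 (or 0600) root-owned is correct.
check_static_key() {
    local f=$1 mode hexlines
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    mode=$(stat -c '%a' "$f")
    case "$mode" in
        400|600) ;;
        *) echo "$f: mode $mode, expected 0400 or 0600"; return 2 ;;
    esac
    grep -qx -- '-----BEGIN OpenVPN Static key V1-----' "$f" \
        || { echo "$f: missing V1 header"; return 3; }
    grep -qx -- '-----END OpenVPN Static key V1-----' "$f" \
        || { echo "$f: missing V1 footer"; return 3; }
    # openvpn --genkey writes a 2048-bit key: 256 bytes as 16 lines of 32 hex digits
    hexlines=$(sed -n '/^-----BEGIN/,/^-----END/p' "$f" | grep -Ec '^[0-9a-f]{32}$' || true)
    [ "$hexlines" -eq 16 ] || { echo "$f: $hexlines key lines, expected 16"; return 4; }
    return 0
}

# Print a SHA-256 fingerprint of the key material only (framing and the
# generator's comment header stripped), so the value is the same on both
# sides even if the file was re-commented when it was copied.
key_fingerprint() {
    sed -n '/^-----BEGIN/,/^-----END/p' "$1" | grep -E '^[0-9a-f]{32}$' \
        | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Usage on each gateway after the scp above; the two fingerprints must match:
#   check_static_key /etc/openvpn/vpn.key && key_fingerprint /etc/openvpn/vpn.key
```

If the fingerprints differ, the copy was altered or truncated in transit; regenerate and copy again rather than trying to patch the file by hand.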

**Start VPN at Boot:**

```language-bash
$ chkconfig openvpn on
$ service openvpn restart
```

On RHEL/CentOS the init script starts every `*.conf` in `/etc/openvpn/`, so nothing more is needed. The `AUTOSTART` setting below is the Debian/Ubuntu equivalent in `/etc/default/openvpn`; it has no effect on a yum-based system, and it names the config file without its `.conf` suffix, so for the `server.conf` used above it would have to read `AUTOSTART="server"`:

```language-bash
$ vi /etc/default/openvpn
AUTOSTART="vpn"
```

As soon as OpenVPN has been started on both ends the connection should be established. Confirm that the tun0 interface is up with the tunnel address specified in the configuration, and that the far end's tunnel address answers pings (the ICMP rule in the firewall configuration permits exactly this).