Site-to-Multi Site OpenVPN Solution with MySQL DB
Introduction
??? ??? ???? ???? ??????? ??????? 10000 ????? ??? 256 bit Encrypted ??  Compressed Traffics ??? ?????? ?????? ?? ??? ???????? ????? ?????? ???? ?????????. ??? CentOS ?? Open VPN GPL License ???? ??????? ???? .. ??? ??????? ????? Servers ??? ????? ADSL/ Leased Line ?????? ?? ? ???????? ????? ???? ???? ???? ... !
???? ????? IPSec, L2TP, PPTP ???? ???? ???? VPN ?????? ???????? ??? ??????? ?? ??? ????? ???? ???? ..!?????? ?????? ??? ??????? ?????? ?  ???????? ?? ??? ??????? ??????? ??????? ?? ???? ??????? ??????? ..!
A Virtual Private Network (VPN) can be thought of as a secure tunnel which connects two nodes through an insecure connection (although it has other uses not related to security). This can be as simple as securely connecting a road warrior and his/her laptop back to the home office's network or as complex as linking multiple entire networks together.
To accomplish this, we can employ one of OpenVPN's two different modes: routed or bridged. Bridging, as the name implies, simply extends the server's network (via the OpenVPN machine) to the client that's connecting. It's quick and easy to set up, but has limited scalability as the network grows.
Bridging also expands the broadcast domain as broadcasts are sent through the tunnel since connected clients are assigned IP addresses in the same subnet as the server's network. This is great for services and protocols that rely on it like SMB (Windows file-sharing) . But in a broadcast-heavy environment, that extra traffic over an encrypted tunnel can take its toll on performance.
Routing, on the other hand, is a bit trickier to set up, requiring access to both the client and server side routers. But it scales well and separates both the client network and the server network in to separate broadcast domains.
Sample Diagram Configuration
Main Access Server Office Network (Left Bottom Corner)
Router/Firewall’s Public IP Address: 112.135.73.26
Port Forwarding for UDP Port 1194: 112.135.73.26 to 192.168.0.200 (UDP Port: 1194)
Router/Firewall’s LAN IP Address: 192.168.0.1 Router/Firewall’s Subnet Mask: 255.255.255.0 (/24)
OpenVPN Access Server’s LAN IP Address: 192.168.0.200
OpenVPN Access Server’s Subnet Mask: 255.255.255.0 (/24)
OpenVPN Access Server’s Default Gateway: 192.168.0.1
Database and File Server’ 1/2?s LAN IP Address: 192.168.0.3 / 192.168.0.4
LAN 1/2?s Subnet Mask: 255.255.255.0 (/24) LAN 1/2?s
Default Gateway: 192.168.0.1
Client VPN Server Office Network (Right Bottom Corner)
Router/Firewall’s LAN IP Address: 10.10.10.1
Router/Firewall’s Subnet Mask: 255.255.255.0 (/24)
OpenVPN Client Server’s LAN IP Address: 10.10.10.2 OpenVPN Client Server’s Subnet Mask: 255.255.255.0 (/24) OpenVPN Client Server’s Default Gateway: 10.10.10.1
Client VPN Server Office Network (Right Top Corner)
Router/Firewall’s LAN IP Address: 20.20.20.1
Router/Firewall’s Subnet Mask: 255.255.255.0 (/24)
OpenVPN Client Server’s LAN IP Address: 20.20.20.2 
OpenVPN Client Server’s Subnet Mask: 255.255.255.0 (/24) 
OpenVPN Client Server’s Default Gateway: 20.20.20.1
The diagram above depicts a typical site-to-multi site layer 3(L3) routing setup. In order to complete this setup, all of the following requirements must be met:
1. You have three sites, each one connected to the Internet. One site will be hosting the Access Server and other two sites will be hosting the OpenVPN client Servers.
2. The site hosting the Access Server must be accessible from the Internet, or have its required ports forwarded to it from the Internet.
3. The OpenVPN client servers must have IP forwarding enabled, as well as openvpn installed, and running a Linux operating system (per these instructions).
4. You must have administrative access to the OpenVPN Client Server machines, including uploading files and SSH/SFTP access.
Troubleshooting
1. There are quite a few pieces that have to play nicely together to get OpenVPN working correctly. Here are a few tools that come in handy if things don't work smoothly right out of the gates.
2. Check the OpenVPN logs There is lots of good information in there that can point you right to the problem. This is especially handy when tweaking the config files.
3. Increase the verbosity This will show you more of what OpenVPN is thinking. A verbosity level of 5 or 6 is pretty handy for high level checking, anything higher is great for really tracking where packets are going.
4. Use "tcpdump" tcpdump is a great network troubleshooting tool, especially since both OpenVPN machines are acting as routers. Check the tcpdump man page for more details.
5. Take baby steps! Build up the VPN incrementally and test the connection along the way. (i.e. bring up
			
									
									
						Site-to-Multi Site OpenVPN Solution with MySQL DB
- nwclasantha
- Posts: 75
- Joined: Wed Apr 24, 2013 12:57 am
- Location: Malabe
- nwclasantha
- Posts: 75
- Joined: Wed Apr 24, 2013 12:57 am
- Location: Malabe
Re: Site-to-Multi Site OpenVPN Solution with MySQL DB
????????? ????????? ???? ???? ??? ????? ??????? ?????? ??? ????????? ??? ????? ??? Virtually ??? ??????? ??????? .!
?????? ????? ??????? ?? 256 Bit Encryption ???? ????????.
??? ????? VPN Data Traffic ?? Compressed ???? ????? ??????? ?? ???? ?????? ??? ??? ????? ??????? ????? ..????????? ???? ??????? ???? Routing ?? ???? ???? ???? ??????????????? ..??? Layer 3 ?? ??????????? ?? .
?????? UDP / TCP ?????????? ??????? ?????? ???? ???? ?????? ?? .
? ??? ? ???????????? ??? ?????? VPN ???? ??????? ??? ??????? ??????? ???? ???????? ???? ????????? ..!
??? ??????? ?? ??? ???? ???????? ?????? ????? .
??? ??????????? ?? ????? ???? IPtables Firewall ?? ?? ??????? ???? ????? ???????????? ??????????..
			
									
									
						?????? ????? ??????? ?? 256 Bit Encryption ???? ????????.
??? ????? VPN Data Traffic ?? Compressed ???? ????? ??????? ?? ???? ?????? ??? ??? ????? ??????? ????? ..????????? ???? ??????? ???? Routing ?? ???? ???? ???? ??????????????? ..??? Layer 3 ?? ??????????? ?? .
?????? UDP / TCP ?????????? ??????? ?????? ???? ???? ?????? ?? .
? ??? ? ???????????? ??? ?????? VPN ???? ??????? ??? ??????? ??????? ???? ???????? ???? ????????? ..!
??? ??????? ?? ??? ???? ???????? ?????? ????? .
??? ??????????? ?? ????? ???? IPtables Firewall ?? ?? ??????? ???? ????? ???????????? ??????????..

