OpenVPN – Possible to set up OpenVPN between two servers? And how

cloud, local-area-network, networking, openvpn, vpn

Apologies if this is a FAQ, but I did not find it in the answers, hence I'm posting it here. I have the following scenario and I am curious how I can use OpenVPN-(AS) to solve my issue.

  1. I have two Application servers in two different LANs, separated by WAN, that need to communicate with each other over around 2500 different ports.
  2. Both of them have Static IP addressing and IP addresses cannot be changed on the fly.
  3. I only have SSL port open for me to communicate with over.

Questions:

  1. Can I build an SSL tunnel using OpenVPN to do what I need?
  2. Will the following OpenVPN-AS scenario work?

Scenario:

  1. I set up a publicly visible VPN Server (vpnserver.somedomain.com)
  2. Make Application servers on both sides and connect to this publicly visible VPN server using the OpenVPN-Client.
  3. Connect from Application server 1 to Application Server 2 just like they can see each other.

Is this feasible with OpenVPN, and if so, are there any pointers on how to achieve this?

Best Answer

Yes you can do what's in your scenario. Read this and enable "client-to-client" in your config.

You only need to set up the config, generate the certs (easy-rsa, very simple), and start the processes. Just don't forget the "client-to-client" option in the config file.

The other possibility is to set up a server on one of the servers, and a client on the other (if you have a free port visible from outside on one of them - if you only have tcp/443 it's not such a good idea, since tcp-over-tcp has a lot of overhead, but it will still work if there is no better solution).
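A configuration sketch for the hub scenario in the question, added here as an example and not taken from the answer or from OpenVPN's own samples. It assumes community OpenVPN 2.4 or later, certificates issued with easy-rsa under the hypothetical common names `app1` and `app2`, a constructed VPN subnet of 10.8.0.0/24, and hypothetical file paths.

```conf
# ---- /etc/openvpn/server.conf on vpnserver.somedomain.com ----
port 443
proto tcp                  # only the SSL port is reachable (TCP-over-TCP overhead applies)
dev tun
topology subnet
server 10.8.0.0 255.255.255.0

ca   ca.crt                # generated with easy-rsa
cert server.crt
key  server.key
dh   dh.pem
tls-crypt ta.key           # drops packets from peers without the shared key

client-to-client           # lets app1 and app2 reach each other through the hub
client-config-dir ccd      # per-client settings, file name = certificate CN
ccd-exclusive              # refuse any client that has no file in ccd/

keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3

# ---- /etc/openvpn/ccd/app1 (fixed tunnel address for Application Server 1) ----
ifconfig-push 10.8.0.11 255.255.255.0

# ---- /etc/openvpn/ccd/app2 (fixed tunnel address for Application Server 2) ----
ifconfig-push 10.8.0.12 255.255.255.0

# ---- client.conf on Application Server 1 (app2 differs only in cert/key) ----
client
dev tun
proto tcp
remote vpnserver.somedomain.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca   ca.crt
cert app1.crt
key  app1.key
remote-cert-tls server     # reject peers whose certificate is not a server certificate
tls-crypt ta.key
verb 3
```

With `client-to-client`, traffic between clients is forwarded inside the OpenVPN process and never crosses the hub's tun interface, so the hub's packet filter cannot restrict it. The `ccd-exclusive` line and issuing certificates only to the two application servers are what limit who can reach the 2500 ports; any per-port filtering has to happen on the application servers themselves.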
