OpenVPN: Set up a virtual network that only contains Servers – Is this possible?

openvpn

All the examples about OpenVPN I have read so far either show "A client connecting to a Server (Point-To-Point)" or "Two networks are connected with each other (Bridge)".

What I want to achieve is: I want to connect 10 server-machines, each running at a different ISP. The connections between these server-machines should be secured. What I have not understood at all is which of the server-machines will be the OpenVPN client and which one will be the OpenVPN server. The final solution should allow me to set up an infrastructure where all the server-machines will have a private IP address and form their own "private/virtual network" (in the range 10.0.0.0/24):

Server 1 (Public IP: xxx.xxx.xxx.xxx) => Private IP 10.0.0.1
Server 2 (Public IP: xxx.xxx.xxx.xxx) => Private IP 10.0.0.2
Server 3 (Public IP: xxx.xxx.xxx.xxx) => Private IP 10.0.0.3
Server 4 (Public IP: xxx.xxx.xxx.xxx) => Private IP 10.0.0.4

(So in the end a server-machine will have a public and a private IP.) And what's so important in my case: the machines are not located in their own physical network (like an office), but rather they are all spread over different ISPs and can only be reached via their public IP => For this case I have not found any tutorials/documentation yet. (This seems to be some form of Multi-Point-to-Point?)

My question is: What do I have to do in OpenVPN to set this up? Will every server require both a client and a server to be installed/configured? How do I have to do the "wiring" between them? Will every "server-machine" run an OpenVPN client and an OpenVPN server process, whereby the client will be connected to all the other OpenVPN server instances? So do I have to configure the client on all server-machines to connect to all other server-machines (to the corresponding OpenVPN server process)?

Thank you for your advice

Francois

Best Answer

The easiest way I can see to do this is to designate one server as the router. This runs the OpenVPN server. Then you set up each other server with the client software using a "road warrior" setup. If your router pushes the routing rules properly (big if) then all the clients should be able to communicate with each other.

Your "router" server will be the bottleneck, because all traffic will be going through it.

If you want a fully meshed setup then you will likely need each of your 10 servers to act both as a server (for the other 9 machines) and as a client (to the other 9 machines). I think this is possible but it looks hideous.
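The hub-and-spoke layout the answer describes, written out as an added example (not the answerer's configuration): one hub runs the OpenVPN server and relays traffic between the spokes with `client-to-client`. The certificate/key file names, the `ccd` directory and `HUB_PUBLIC_IP` are placeholders I assumed.

```conf
# --- server.conf on the hub ("Server 1", becomes 10.0.0.1) ---
# Added example, not from the original page; file names are placeholders.
port 1194
proto udp
dev tun
topology subnet                      # one /24, every peer gets a real host address
server 10.0.0.0 255.255.255.0        # hub takes 10.0.0.1, pool for the spokes
client-to-client                     # hub relays spoke<->spoke traffic inside OpenVPN;
                                     # without this the spokes only reach the hub
client-config-dir ccd                # per-spoke static addresses (see below)
ifconfig-pool-persist ipp.txt
ca ca.crt
cert hub.crt
key hub.key
dh dh.pem
tls-auth ta.key 0                    # HMAC on the control channel; unsigned packets are dropped early
tls-version-min 1.2
remote-cert-tls client               # only certificates issued for client use may connect
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3

# --- ccd/server2 on the hub (file name = CN of Server 2's certificate) ---
ifconfig-push 10.0.0.2 255.255.255.0 # pins Server 2 to 10.0.0.2 (topology subnet form)

# --- client.conf on each spoke (Server 2 .. Server 10) ---
client
dev tun
proto udp
remote HUB_PUBLIC_IP 1194            # placeholder: the hub's public address
nobind
resolv-retry infinite
remote-cert-tls server               # refuse a spoke posing as the hub
ca ca.crt
cert server2.crt
key server2.key
tls-auth ta.key 1
tls-version-min 1.2
persist-key
persist-tun
verb 3
```

With `client-to-client` the hub forwards tunnel traffic itself, so no kernel IP forwarding or firewall rule is needed on the hub for spokes to reach each other; dropping it means spoke-to-spoke packets are silently discarded unless the hub's OS routes them.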
