
[Openvpn-users] Connecting two openvpn servers as a bridge

  • Subject: [Openvpn-users] Connecting two openvpn servers as a bridge
  • From: Gerard Beekmans <gerard@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 18 Jul 2006 10:37:19 -0600

Hi guys,

I haven't been able to find an answer by reading the manuals and HOWTOs 
so I'm hoping one of you guys can steer me in the right direction.

The company I work for has two locations with a bunch of servers. Each 
location has an OpenVPN server running. Clients currently connect to 
either of the VPN servers depending on which services they are trying to 
connect to.

What needs to be done is connect the two VPN servers together in a 
bridge configuration. The idea behind this is that this way anybody who 
works in one of the offices can see all the machines in the other 
location. And remote users only need to connect to one of the two VPN 
servers and be able to communicate with the other location as well.

I've read the bridge HOWTO and setting up the bridge in itself seems 
easy to do. The part that I am unsure about is how this will affect all 
the remote users.

One of the servers has to be put into a bridge client configuration so 
it can talk to the bridge server. When one of the openvpn servers goes 
into bridge client mode, can/will it still function as a server to other 

As I understand it, the bridge server itself will still accept 
human-clients so to speak, as long as those clients are configured to be 
a bridge client rather than the current routing client setup.

If a bridge client can no longer function as a server to other "human 
clients," what would be the best way to go about it?

One solution that came to mind is to create a separate configuration 
file for the openvpn-to-openvpn bridge connection and use a different 
port. This way regular "human clients" can still connect to the server 
instance that runs on the default port. All those human clients can 
remain unchanged, keep using the 'tun' device and nobody has to worry 
about reconfiguring any of the clients.

I'm still hoping for a way to use one instance of the openvpn program 
that can handle both situations.

If the above option of using a separate instance for the bridge 
connection is the best way to go about it, would it then make more sense 
to make that a point-to-point setup rather than a client/server setup?

Thanks for any pointers in getting this set up.

Gerard Beekmans

/* If Linux doesn't have the solution, you have the wrong problem */
