Topic: Two Sme servers in remote office

[smnirosh]

We have one sme server in our office (let's say Server A). It configured as a Gateway server and local user credentials are saved in this server. Other offices use OpenVpn bridge to connect to this server and save data on ibays.

We have planned to serve a server with Sme serve 9.x  at one office to save relevant documents needed by them. Can i configure this new server to always connected to Server A using Openvpn, then all users in two offices can share files between them.? how to configure this server to implement this senario? What about user loggin process then?

[guest22]

Maybe you want to take a look at Nextcloud federation..?

[smnirosh]

I don't think other softwares are needed. But i want to get the fully instructed and recommended help from Contrib products.

[stephdl]

Can i configure this new server to always connected to Server A using Openvpn, then all users in two offices can share files between them.? how to configure this server to implement this senario? What about user loggin process then?

this is what openvpn-s2s is designed : https://wiki.contribs.org/OpenVPN_SiteToSite

I suppose that you must share the same list of users between the two servers, I must say I never played with this contribs

[smnirosh]

Ok i will pay attention to this answer. And I want to know that if I implement this s2s environment, the users who are not in this relevant two offices (where there is no server) can connect with their normal openvpn logging method?

[stephdl]

S2s works on the port 1195 and open-vpn bridge on 1194

You can use both at the same time

[smnirosh]

Ok stephdl. Thanks very much foe the advise. I will begin to implement it and let you know. Have a nice day

[Jean-Philippe Pialasse]

I have a network of sme server on multiple site using openvpn-s2s. I also have roadwarriors connecting to main site with bridge. Also i have the routed contribs installed to help ios client to connect, as this is the only openvpn protocol they allow.

All working together greatly !

[smnirosh]

Here I am again, one of my friend (who is also new to Sme server) suggesting me to configure an ip-address range which is in the same subnet, to the openvpn bridge (eg: local ip address range 192.168.200.200-192.168.200.250, openvpn bridge range 192.168.200.50-192.168.200.100). My question is, which will be cause to speed the openvpn or damage the anatomy of structure of Opnvpn?

[guest22]

smnirosh, could you please try to create a schema drawing? It would help for clarity and could then be used as an example.

TIA

https://www.draw.io/

[Daniel B.]

Indeed, a schema could help us understand what you want to achieve. There are 2 different VPN involved here, and which are completely independant: OpenVPN Site to Site canill be used to setup a permanent VPN between 2 SME servers. OpenVPN Bridge is for clients to connect on one of the SME (but will be able to reach the second one through the permanent, s2s connection too)

[smnirosh]

I have attached my network backbone. As explained by Daniel, I am clear with idea. But I want to know is it ok to configure openvpn bridge ip range as same range as LAN side of the server? Same ip range for server (subnet) and same ip range for openvpn (subnet)

[Daniel B.]

By design, in bridge mode, you must configure an IP range on the same subnet as the LAN. Just be sure to use a separated range from the standard DHCP. Eg DHCP use 192.168.200.10-192.168.200.50 and VPN 192.168.200.51-192.168.200.80

Note: on your schema, it doesn't make a lot of sense 192.168.200.50/24 and 192.168.200.200/24. Both of those are the same as 192.168.200.0/24

[guest22]

Note: on your schema, it doesn't make a lot of sense 192.168.200.50/24 and 192.168.200.200/24. Both of those are the same as 192.168.200.0/24

I was looking at that, a complete subnet notation should be 192.168.200.0/24 and NOT specify the complete IP address. Right?

[Daniel B.]

I was looking at that, a complete subnet notation should be 192.168.200.0/24 and NOT specify the complete IP address. Right?

Technically it should yes.

[smnirosh]

Ok I got an answer. Thanks very much.

[guest22]

?

[smnirosh]