Routing between multiple OVPN's...

mhyll · Fri Feb 10, 2017 4:12 am

Okay...the config...

Central MKT (RB3011) - LAN 192.168.3.10/24, OVPN IP 10.168.3.1/24 (pool 10.168.3.2-10.168.3.254)
Branch 1 MKT (hAP AC) - LAN 192.168.31.1/24, OVPN IP dynamic from pool on central, PRINTER IP: 192.168.31.3
Branch 2 MKT (hAP AC) - LAN 192.168.32.1/24, OVPN IP dynamic from pool on central, PRINTER IP: 192.168.32.3
+ some OpenVPN GUI clients on notebooks...

What Firewall filters and NAT filters do I need to setup, to allow PC from Branch 2 to print (and ping for diag.) on printer on Branch 1? Branch 1 and 2 are connected to central MKT, I can ping devices from central to both Branch1 and Branch2, from Branch1 to central and from Branch2 to central. But not from Branch1 to Branch2 and opposite. If possible, I would like to do it without any src/dstnat's. You can start as configuring from scratch (assumng the VPN's are connected).

In summary, from PC with IP 192.168.31.xxx in Branch1 I need to ping printer in Branch2 with IP 192.168.32.3 using just existing VPN connections...so the route somehow should be B1->Central->B2. I have setup the routes for 192.168.32.0/24 on B1 (or 192.168.31.0/24 on B2) to gateway=central_mkt (not IP but VPN interface name)...but no luck.