Site-to-Site Open VPN allows you to create a single VPN endpoint for a local network through which any local user can connect to the Virtual Office.
When the Site to Site Open VPN endpoint has been configured, a virtual image is generated, which must then be downloaded and run on any VMware virtual machine software.
Using Site-to-Site Open VPN is not recommended in a test environment.
However, during a disaster, it can provide valuable services in the following situations:
- When a disaster occurs in an organization with two (or more) sites linked together in a corporate network. A Site‑to‑Site VPN connection can be configured that recreates the corporate network for the unavailable physical site.
- When a site is being rebuilt after a disaster and users can physically use the site itself, but not the servers. A Site‑to‑Site VPN connection can be configured as a replacement while the servers are being rebuilt.
For the Site-to-Site Open VPN feature to work, Port Forwarding must be enabled.
When it is enabled, you can continue to configure the Site-to-Site Open VPN.
1. Enable the Port Forwarding feature according to the instructions listed in the Port Forwarding section.
2. After Port Forwarding has been enabled, click the Edit button in the Site-to-Site Open VPN section.
3. In the Site to Site Open VPN section, update the following fields:
- Enable the Site-to-Site Open VPN option.
- Optionally, in the Whitelisted IPs field, add an IP address that can access the Virtual Office. Only IP addresses from this list can access the Virtual Office. Click Add Another to whitelist additional IP addresses.
- Configure the Endpoint, including:
- In the Endpoint Name field, enter the desired name for the Endpoint.
- Optionally, in the Key Password field, set a password for the SSL RSA key. If configured, this password will be required to log in to the VPN.
- In the Configuring Using section, use the radio buttons to select whether to configure using a Static IP address or DHCP.
- In the Gateway field, enter the gateway IP address.
- In the Netmask field, enter the netmask value.
- In the IP of Endpoint field, enter the IP address of the Endpoint (static IP address only). This address should be on a different subnet than that of the Virtual Office. For example, if the Virtual Office IP address is 192.168.99.2, configure the endpoint address to 126.96.36.199.
- In the DNS (Static IP Only) field, enter the IP address of the DNS server.
- Once configured correctly, click the Add Endpoint button, or click the Done button.
4. When Site-to-Site VPN settings are configured, click the Download Client link to download the virtual image. This image should be deployed at the desired location using any VMware virtual machine software.
When the virtual machine is deployed, all local devices must have their gateway changed to the IP address of the endpoint.
The message will be formatted as follows:
“Open VPN Connect *** ESTABLISHED ***”
Please add <Virtual Office Subnet> netmask <Host Machine Netmask> gw <Host Machine Gateway> to your subnet router.