OpenVPN site-to-site setup (static shared key, two Linux gateways)
Side-A:
Router/Gateway: 192.168.1.1
WAN-Address: het-a.zeldor.biz
Firewall (ppp0 is Side-A's WAN interface, tun1 the tunnel interface):
iptables -A INPUT -i ppp0 -p udp --dport 8001 -j ACCEPT
iptables -A INPUT -p icmp -s 10.0.0.2 -j ACCEPT
iptables -A FORWARD -i tun1 -s 10.0.0.2 -d 192.168.1.0/24 -j ACCEPT
Note: with "dev tun" the kernel hands out the next free tunN, so either use "dev tun1" in the config or check the actual name with "ip link" before writing the FORWARD rule. As written, Side-A only forwards traffic sourced from the tunnel endpoint 10.0.0.2; hosts on 192.168.2.0/24 need a matching rule with -s 192.168.2.0/24, as Side-B has below. Reply traffic also needs either an ACCEPT policy on FORWARD or a rule matching ESTABLISHED,RELATED state.
Enable routing:
echo 1 > /proc/sys/net/ipv4/ip_forward
Config Side-A (/etc/openvpn/vpn.conf):
remote het-b.zeldor.biz
float
port 8001
dev tun
ifconfig 10.0.0.1 10.0.0.2
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.2.0 255.255.255.0
chroot /tmp/openvpn
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
Notes on this config:
- secret puts OpenVPN in static-key mode: no TLS, no certificates, one pre-shared key on both ends. It is simple, but there is no forward secrecy, and whoever obtains the key file on either host can decrypt all traffic of the tunnel. Rotate the key if either host is compromised.
- No cipher or auth line is given, so OpenVPN's built-in default applies (BF-CBC with SHA1 on 2.4 and earlier). Set both explicitly, and identically on both sides, e.g. cipher AES-256-CBC and auth SHA256.
- comp-lzo turns on compression. Compressing attacker-influenced data inside an encrypted tunnel is what the VORACLE attack exploits, so leave it out unless you really need it.
- user nobody / group nogroup drop privileges after start; persist-tun keeps the tun device open across restarts because the unprivileged process cannot reopen it. Add persist-key as well, otherwise the key file cannot be re-read on a SIGUSR1 restart.
- The chroot directory must exist before OpenVPN starts. Since /tmp is world-writable and often cleaned at boot, a root-owned directory outside /tmp (for example /var/lib/openvpn/chroot, an assumed path) is the safer choice.
- ping 15 sends a keepalive every 15 seconds; route adds the far LAN via the tunnel once it is up.
Side-B:
Router/Gateway: 192.168.2.1
WAN-Address: het-b.zeldor.biz
Firewall:
iptables -A INPUT -p udp --dport 8001 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p icmp -s 10.0.0.1 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -p icmp -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
Config Side-B (/etc/openvpn/vpn.conf; mirror of Side-A with the tunnel addresses swapped and the route pointing at Side-A's LAN):
remote het-a.zeldor.biz
float
port 8001
dev tun
ifconfig 10.0.0.2 10.0.0.1
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret /etc/openvpn/vpn.key
route 192.168.1.0 255.255.255.0
chroot /tmp/openvpn
user nobody
group nogroup
log-append /var/log/openvpn/vpn.log
verb 1
Enable routing:
echo 1 > /proc/sys/net/ipv4/ip_forward
Generate the static key on Side-A and copy it to Side-B. The same key is used on both ends, so treat it like a private key: root-only, mode 600, copied only over an authenticated channel such as scp (-p preserves the file mode on the far side):
openvpn --genkey --secret /etc/openvpn/vpn.key   # OpenVPN 2.5 and later: openvpn --genkey secret /etc/openvpn/vpn.key
chmod 600 /etc/openvpn/vpn.key
scp -p /etc/openvpn/vpn.key root@het-b.zeldor.biz:/etc/openvpn/vpn.key
Establish the VPN connection (execute on both sides; in static-key mode both ends are equal peers, there is no client/server role):
openvpn --config /etc/openvpn/vpn.conf
The remote address can be an IP address, a hostname or a DynDNS alias; float lets the tunnel survive the peer's address changing, which is what you want when a side has a dynamic WAN address.
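The following pre-flight script is an added example and not part of the original page or of OpenVPN itself. It checks the two things that most often go wrong with a static-key pair: the shared key file (V1 format, 16 lines of 32 hex digits, root-only mode) and that the two peer configs mirror each other (ifconfig swapped, same port and cipher, each with a secret and a route to the far LAN). demo() writes a constructed dummy key (placeholder digits, not a real secret) and the two configs from this page, with an explicit cipher/auth added, into a directory and runs both checks; the function names, the directory and the file names are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight checks for the
# static-key site-to-site pair above. check_key_file verifies the shared
# key file; check_pair verifies that two peer configs mirror each other.
# demo() builds a constructed (dummy) key and the two configs from the page
# and runs both checks; the key bytes are placeholders, not a real secret.

# check_key_file FILE: "openvpn --genkey" writes 2048 bits as 16 lines of
# 32 hex digits between a V1 header and footer. Both peers hold this same
# key, so it must be root-only (mode 600 or 400).
check_key_file() {
    f=$1
    [ -r "$f" ] || { echo "key: $f not readable"; return 1; }
    head -n 1 "$f" | grep -q '^-----BEGIN OpenVPN Static key V1-----$' \
        || { echo "key: missing V1 header"; return 1; }
    n=$(grep -c '^[0-9a-fA-F]\{32\}$' "$f")
    [ "$n" -eq 16 ] || { echo "key: expected 16 hex lines, got $n"; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "key: mode $mode too permissive (want 600)"; return 1 ;;
    esac
}

# conf_get FILE DIRECTIVE: print the argument(s) of the first matching line.
conf_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_pair CONF_A CONF_B: "ifconfig L R" on one side must be
# "ifconfig R L" on the other, port and cipher must match, both need a
# secret and a route to the far LAN. Warns (without failing) on comp-lzo
# and on a missing explicit cipher, since the built-in default then applies.
check_pair() {
    a=$1; b=$2; rc=0
    set -- $(conf_get "$a" ifconfig); a_l=$1; a_r=$2
    set -- $(conf_get "$b" ifconfig); b_l=$1; b_r=$2
    if [ "$a_l" != "$b_r" ] || [ "$a_r" != "$b_l" ]; then
        echo "pair: ifconfig not mirrored ($a_l $a_r vs $b_l $b_r)"; rc=1
    fi
    [ "$(conf_get "$a" port)" = "$(conf_get "$b" port)" ] \
        || { echo "pair: port mismatch"; rc=1; }
    [ "$(conf_get "$a" cipher)" = "$(conf_get "$b" cipher)" ] \
        || { echo "pair: cipher mismatch"; rc=1; }
    for c in "$a" "$b"; do
        [ -n "$(conf_get "$c" secret)" ] || { echo "$c: no secret directive"; rc=1; }
        [ -n "$(conf_get "$c" route)" ] || { echo "$c: no route to the far LAN"; rc=1; }
        grep -q '^comp-lzo' "$c" && echo "$c: warning: comp-lzo enables compression"
        [ -n "$(conf_get "$c" cipher)" ] \
            || echo "$c: warning: no cipher line, OpenVPN default applies"
    done
    return $rc
}

# demo DIR: write the constructed key and the two configs from the page
# (addresses as on the page, plus explicit cipher/auth) into DIR and check them.
demo() {
    d=${1:-$(mktemp -d)}
    mkdir -p "$d"
    {
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0; while [ $i -lt 16 ]; do printf '%032d\n' "$i"; i=$((i + 1)); done
        echo '-----END OpenVPN Static key V1-----'
    } > "$d/vpn.key"
    chmod 600 "$d/vpn.key"
    printf '%s\n' 'remote het-b.zeldor.biz' 'port 8001' 'dev tun' \
        'ifconfig 10.0.0.1 10.0.0.2' "secret $d/vpn.key" \
        'route 192.168.2.0 255.255.255.0' 'cipher AES-256-CBC' 'auth SHA256' \
        > "$d/side-a.conf"
    printf '%s\n' 'remote het-a.zeldor.biz' 'port 8001' 'dev tun' \
        'ifconfig 10.0.0.2 10.0.0.1' "secret $d/vpn.key" \
        'route 192.168.1.0 255.255.255.0' 'cipher AES-256-CBC' 'auth SHA256' \
        > "$d/side-b.conf"
    check_key_file "$d/vpn.key" && check_pair "$d/side-a.conf" "$d/side-b.conf"
}

# Usage: source this file, then either "demo /tmp/vpncheck" for the
# constructed pair, or check real files on one gateway after copying the
# peer's config next to your own:
#   check_key_file /etc/openvpn/vpn.key
#   check_pair /etc/openvpn/vpn.conf ./peer-vpn.conf
```

Run check_pair on the real pair before the first start: the page's own configs would pass the mirror test but get both warnings (comp-lzo present, no cipher line), which is exactly the state the notes above suggest changing.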
Test connectivity with ping and traceroute from a host on Side-A's LAN. A trace to 192.168.2.36 on Side-B's LAN should show the local gateway, then the far tunnel endpoint, then the target:
traceroute to 192.168.2.36 (192.168.2.36), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.343 ms 0.371 ms 0.431 ms
2 10.0.0.2 (10.0.0.2) 29.157 ms 29.342 ms 29.417 ms
3 192.168.2.36 (192.168.2.36) 30.261 ms 30.626 ms 30.831 ms
Finally (RHEL/CentOS-style service scripts; read the comments before pasting):
service iptables start
iptables --flush            # drops every rule in the filter table, including the ones added above
service iptables save       # writes the current (now empty) ruleset to /etc/sysconfig/iptables
service iptables restart
service network restart
To reset the firewall completely (only if that is what you want; re-add the rules above afterwards):
iptables --flush                 # flush all rules in the filter table only
iptables --table nat --flush     # flush the nat table as well
iptables --delete-chain          # delete all user-defined (non-built-in) chains in the filter table
Start OpenVPN and inspect the result:
/sbin/service openvpn start      # starts every config in /etc/openvpn; or run one instance by hand:
openvpn client.conf
/sbin/iptables -L
iptables -L -t nat -n
ip route
route -n
From a Windows host on one of the LANs:
tracert {what_ever_ip_address}
netstat -ao | find /i "listening"
OpenVPN connectivity testing (watch the logs on the gateway):
tail -f /var/log/openvpn-status.log   # only written if the config contains a "status" directive
tail -f /var/log/openvpn.log          # with the configs above the log is /var/log/openvpn/vpn.log (log-append)
REF: http://zeldor.biz/2010/12/openvpn-site-to-site-setup/
REF: http://blog.wains.be/2008/06/07/routed-openvpn-between-two-subnets-behind-nat-gateways/
REF: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=372052
REF: http://www.garron.me/linux/scp-linux-mac-command-windows-copy-files-over-ssh.html
REF: http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
REF: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/6da25e69-e5b9-4cd4-a3d9-a20feb412257/
REF: https://forums.openvpn.net/topic9465.html