Site to site openvpn server to azure vpn possible?

I have an Azure VPN with a certificate. When I download the point-to-site configuration I get an ovpn file. If I install OpenVPN on Windows and install the certificate into the Windows store, I can gain point-to-site access to Azure and it works great.

Is there a way to set up an Ubuntu/Windows server to create a site-to-site VPN? I have been watching videos and reading docs… most involve downloading ovpn files from NordVPN and then using user and password (https://youtu.be/xFficDCEv3c), but I am not sure if I can use my modified Azure ovpn with a certificate in this scenario.

I also looked at OpenVPN Access Server, but I don’t think I can connect that to Azure either. Super confused lol.

Thanks for any help!

That should be possible. The difference in configuration files between site-to-site and peer-to-site (aka roadwarrior config) isn’t big, if there is a difference. Some peer configs enable username/password auth, sometimes without client certificates, whereas site-to-site typically only has certificate-only configurations. This is usually the most visible difference.

The rest is about routing and firewalling. You most likely will need to add --iroute options to the server config in a --client-config-dir based config file which is loaded when the client connects. The purpose of iroute is to tell the OpenVPN server which subnets are behind that specific client, so when a particular packet going to the subnet behind your VPN client comes from the VPN server or the network behind the OpenVPN server, the OpenVPN process knows which client to send the packet to. In addition comes the normal routing as well. Get to know tcpdump and listen on both the tun interface as well as the related physical network interfaces on both the client side and the server side to see where packets end up.

And for firewalling, the forward chains need to allow traffic passing to/from the tun interface as well as the physical networks you want to grant access to. And you need to ensure IP forwarding has been enabled on both sides (this is most likely already enabled on the server).

With this in place, the traffic should flow as expected.

In regards to OpenVPN Access Server, it should be possible to use that as well, either as an Azure instance or located somewhere else. Another alternative is OpenVPN Cloud, where you don’t need to do so much low-level configuration; most configuration is done via the web portal and then hosts or end-users download the appropriate configuration file. For Linux, there also exists an openvpn-connector-setup utility which downloads and configures the OpenVPN setup for you locally.
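As an added example (not code from the thread or from the OpenVPN project), a small POSIX shell script that emits the server-side pieces the reply above describes: the ccd/<CN> file with its iroute, the matching route/push lines for server.conf, and the forwarding and firewall commands. It assumes you administer the OpenVPN server yourself; the client CN `site-a`, the subnets 192.168.50.0/24 (behind the client) and 10.10.0.0/24 (behind the server), and the interface names tun0/eth0 are assumed values.

```shell
#!/bin/sh
# Constructed example: generate the server-side config for one site client.
# Assumed values: client cert CN "site-a", LAN 192.168.50.0/24 behind it,
# LAN 10.10.0.0/24 behind the server, interfaces tun0 (VPN) and eth0 (LAN).

# ccd_entry CN NET MASK -> contents of the client-config-dir file for CN.
# iroute tells the OpenVPN process which connected client owns NET; the
# kernel route alone only gets the packet as far as the tun interface.
ccd_entry() {
    printf '# %s: subnet behind this client\niroute %s %s\n' "$1" "$2" "$3"
}

# server_lines CLIENT_NET MASK SERVER_NET MASK -> lines for server.conf.
server_lines() {
    # ccd is relative to the directory the server runs in (see --cd).
    printf 'client-config-dir ccd\n'
    # kernel route on the server: the client's LAN is reachable via tun.
    printf 'route %s %s\n' "$1" "$2"
    # the site client learns how to reach the LAN behind the server.
    printf 'push "route %s %s"\n' "$3" "$4"
}

# forward_cmds TUN_IF LAN_IF -> commands enabling forwarding in both
# directions; the reply-path rule is what the FORWARD chain usually lacks.
forward_cmds() {
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$1" "$2"
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$2" "$1"
}

# write_site_config DIR CN CLIENT_NET MASK SERVER_NET MASK
# Writes DIR/ccd/CN (file name must equal the client certificate's CN)
# and appends the routing lines to DIR/server.conf.
write_site_config() {
    mkdir -p "$1/ccd"
    ccd_entry "$2" "$3" "$4" > "$1/ccd/$2"
    server_lines "$3" "$4" "$5" "$6" >> "$1/server.conf"
}
```

Run `forward_cmds tun0 eth0 | sh` as root on the server after reviewing the output; the same forwarding rules are needed on the client side for its own LAN interface.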

This is super useful, thank you… I think I would prefer not to use Access Server… and then I will try that if I can’t figure it out… and finally try the cloud. Thank you for the time, I really appreciate it… I just found an article that shows how to configure the standard server package on Windows Server (which I can’t do with Access Server)… probably just have to get the server.ovpn config file correct with all the certificates (I’m using enterprise certificates) and then maybe good to go… hopefully. Thanks again!

Please be very careful about following non-official posts on how to configure OpenVPN. There are millions of them nowadays, most of them copying each other’s mistakes. If you’ve never done OpenVPN configuration before, please have a look here first: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN

Thanks! I feel like creating a site-to-site VPN with 2 OpenVPN servers wouldn’t be hard… but it’s a lot to learn. I am mostly labbing it out, not actually implementing it at home. Thanks again for the advice!