Access remote networks with a site to site VPN – Part 1

Overview

Rather than sucking up a whole bunch of public IP space, sometimes it can be handy to run virtual machines behind NAT. Unfortunately, it can be hard to remotely administer machines on another network without direct ssh access.

One option is port forwarding, or creating some sort of jump/management VM on each network that you can tunnel through. Another option, the one we’ll be exploring in this post, is using a virtual private network to connect the two networks. To do this, we’ll set up two virtual machines, one on each network, and use them to talk to each other. After that, we’ll set up static routes as needed to send the proper traffic through the tunnel.

The main benefit of this kind of setup is that the VPN tunnel is always there, and you don’t need to run any additional software on your computer or routers. You certainly can set this up on the router itself, but most residential routers or gateways don’t support this without flashing different firmware.

Getting started

We’ll need to pick two subnets, one for each network. We’ll use 10.0.0.0/24 for the local network and 10.0.2.0/24 on the remote network. You can certainly use completely different IP ranges, but I feel 10.0.0.0/8 is easier to manage and keep track of as you add new subnets in the future.

Keep in mind, the VPN itself will also need a subnet to run on and provide IP addresses to the clients. Be sure that neither your local nor your remote subnet overlaps it.

Virtual Machine Setup

First, create your virtual machines. For this case, we’re going to be using pfSense. It is a pretty powerful router OS with a good GUI, if you’re not proficient enough to do everything on the command line. Download it here: https://www.pfsense.org/download/

Each VM should have 2 network devices.

For the first, use DHCP or another method to assign it an IP it can use to access the internet unhindered.

The second NIC should be assigned an IP in the subnet you chose for that network. For example, in our 10.0.2.0/24 network, we’ll give that interface the IP 10.0.2.1. This will act as the gateway for that subnet when traversing to other networks (excluding the internet).

Install pfSense as the OS on each virtual machine and perform the aforementioned networking configuration. Check out the wonderful website at http://google.com if you have trouble with that part.

After the setup, you should have something similar to the following:

10.0.0.2 is the DHCP IP we got from our network’s router, and 10.0.0.179 is the static IP we set for the second NIC. These may vary according to your network setup.
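The two planning steps above (picking non-overlapping LAN and tunnel subnets, then giving each VM's second NIC a gateway address inside its LAN) are easy to get wrong quietly and only show up later as traffic that never reaches the tunnel. The following script is an added example, not part of the original post or of pfSense; it checks a plan for overlaps and prints the static route each side will need. The tunnel prefix 10.0.8.0/24 is an assumption chosen for the example; the LAN prefixes and the 10.0.0.179 / 10.0.2.1 gateway addresses are the ones used in the post.

```python
"""Subnet plan checker for a two-site pfSense VPN.

Added example, not code from the post. The tunnel subnet 10.0.8.0/24 and the
"bad" plan below are constructed for illustration; 10.0.0.179 and 10.0.2.1 are
the second-NIC addresses the post uses for the local and remote VMs.
"""
import ipaddress
from typing import Dict, List


def check_no_overlap(prefixes: Dict[str, str]) -> List[str]:
    """Return a human-readable conflict for every pair of prefixes that overlap.

    An empty list means the plan is safe: no LAN overlaps the other LAN or the
    tunnel subnet, so routes on both sides of the tunnel are unambiguous.
    strict=True rejects prefixes with host bits set (e.g. 10.0.2.1/24).
    """
    nets = {name: ipaddress.ip_network(p, strict=True) for name, p in prefixes.items()}
    names = list(nets)
    conflicts = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                conflicts.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return conflicts


def static_routes(local: str, local_gw: str, remote: str, remote_gw: str) -> Dict[str, str]:
    """Describe the static route each LAN needs so hosts send cross-site traffic to the VPN VM.

    local_gw / remote_gw are the addresses assigned to each VM's second NIC.
    The function refuses a gateway that does not sit inside its own LAN, which
    is the mistake of mixing up the two VMs' addresses.
    """
    local_net = ipaddress.ip_network(local)
    remote_net = ipaddress.ip_network(remote)
    lgw = ipaddress.ip_address(local_gw)
    rgw = ipaddress.ip_address(remote_gw)
    if lgw not in local_net:
        raise ValueError(f"local gateway {lgw} is not inside {local_net}")
    if rgw not in remote_net:
        raise ValueError(f"remote gateway {rgw} is not inside {remote_net}")
    return {
        "local": f"{remote_net} via {lgw}",
        "remote": f"{local_net} via {rgw}",
    }


if __name__ == "__main__":
    # Constructed sample plan: the post's two LANs plus an assumed tunnel subnet.
    plan = {"local LAN": "10.0.0.0/24", "remote LAN": "10.0.2.0/24", "VPN tunnel": "10.0.8.0/24"}
    print("conflicts:", check_no_overlap(plan) or "none")

    # A constructed bad plan: the tunnel subnet carved out of the remote LAN.
    bad = dict(plan, **{"VPN tunnel": "10.0.2.128/25"})
    print("conflicts:", check_no_overlap(bad))

    # Routes to add on each side, using the post's second-NIC addresses.
    for side, route in static_routes("10.0.0.0/24", "10.0.0.179", "10.0.2.0/24", "10.0.2.1").items():
        print(f"{side}: route {route}")
```

The routes it prints are what the local router (or each local host) and the remote router need once the tunnel is up: send 10.0.2.0/24 to 10.0.0.179 on the local side, and 10.0.0.0/24 to 10.0.2.1 on the remote side. Run it again whenever you add a subnet; the overlap check is the cheap way to catch a tunnel range that collides with a LAN before anything is configured.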

We’ll take a look at the tunnel setup in the next part: Part 2
