Site to site VPN configuration

Christopher Dakin

Introduction

With just a couple of extra settings, it is possible to set the LogonBox VPN up as a site to site network rather than the default client to site.

This configuration will continue to use a single LogonBox VPN server, but allow a client to route into its local site.

Initial Configuration

Following the standard initial configuration guide for setting up client to site connections will get you most of the way towards a working site to site configuration too:

https://docs.logonbox.com/app/manpage/agent/article/2744754

A client using a site to site connection can use the same default peer definition that your normal users can.

Allowed IPs for remote site

For the user you will be using to authenticate the site to site connection, we need to add the local network's IP range for that site.

Navigate to Users & Permissions->Users and edit your user.

Click on the VPN tab and enter a CIDR range for the remote site's network and click the + button.

Click Update to save the changes.

NOTE: Making this configuration change will invalidate all existing client configuration files that are in use, as this remote site's IP range will be written to everyone else's configurations automatically.

This means that after making these changes, your other client to site users will need to log on to My Account and regenerate their client configurations.

Routing

By following the initial configuration guide, you should already have a static route configured on your main network's default gateway, but it could be worthwhile reviewing that here.

In this example, the remote site's network is 10.1.0.0/16.

Looking at the routing table of the main network's default gateway, we have a route for 10.1.0.0/16 that directs to the internal IP address of the LogonBox server, which here is 10.0.6.17.

We also need to set up a static route on the remote site's network.

On the remote site, therefore, in this example we set a route for 10.0.0.0/16 pointing to the IP address of the LogonBox VPN client.

IP Forwarding

Finally, we just need to ensure the client can forward packets on into the network by enabling IP forwarding.

On Linux, this can be done like so:

# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

or alternatively:

echo 1 > /proc/sys/net/ipv4/ip_forward

To make the change permanent, insert or edit the following line in /etc/sysctl.conf:

net.ipv4.ip_forward = 1


On Windows, you can set a registry entry:

Go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. If not already there, create a new REG_DWORD value named IPEnableRouter.

Set IPEnableRouter to 1 and reboot. Packet forwarding should now be enabled.