With OpenVPN site-to-site tunnels you may wish to route or allow access to multiple networks through the VPN. One NG Firewall is designated as the Server and the other as the Client. This is configured using the Exported Networks and the client's Remote Networks setting.
On the Server NG Firewall, you will need to define the local networks you wish to allow access to. This is done using the Exported Networks tab. Then create the client, listing any remote networks you need to have access to.
- Go to Apps > OpenVPN Settings > Server. Make sure "Server Enabled" is checked.
- On the Server tab, click the Exported Networks sub-tab.
- The internal interface network is added by default. Click Add and add the local network you want to allow access to in CIDR notation. Add a new entry for each additional local network.
- Next, create the client configuration. Go to the Remote Clients tab.
- Click Add to add a new client. This client will be used for the other Edge Threat Management device.
- For Type, select Network. In Remote Networks, fill in any remote networks you want to have access to in CIDR notation. Multiple subnets can be separated with commas.
- Click Done and then Save on the main configuration page to generate the client.
- Click Download Client.
On the Client NG Firewall you simply need to upload the client configuration file that was downloaded in the previous step.
- Go to Apps > OpenVPN Settings > Client.
- Click Upload Remote Server Configuration File and upload the configuration you downloaded from the server.
- Click Save to activate the VPN.
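A pre-flight check for the values entered in Exported Networks and Remote Networks in the server steps above. This is an added example, not part of the NG Firewall product or its documentation. It parses the comma-separated CIDR lists, rejects malformed entries, and flags ranges that appear on both sides of the tunnel, since an overlapping range cannot be routed unambiguously between the two sites. The sample networks are constructed, and the /16 breadth threshold (applied to IPv4 prefixes) is an assumption to adjust to your own policy.

```python
import ipaddress

def parse_networks(field):
    """Parse a comma-separated CIDR list; return (networks, errors)."""
    nets, errors = [], []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            continue
        if "/" not in item:
            errors.append(f"{item}: missing prefix length (not CIDR notation)")
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 172.16.5.9/24
            nets.append(ipaddress.ip_network(item, strict=True))
        except ValueError as exc:
            errors.append(f"{item}: {exc}")
    return nets, errors

def review(exported, remote, min_prefix=16):
    """Flag overly broad entries and overlap between the two sites.

    min_prefix is an assumed policy threshold, not a product setting.
    """
    findings = []
    for label, nets in (("exported", exported), ("remote", remote)):
        for net in nets:
            if net.prefixlen < min_prefix:
                findings.append(f"{label} {net} is broader than /{min_prefix}")
    # The same range on both sides leaves routing across the tunnel ambiguous.
    for exp in exported:
        for rem in remote:
            if exp.overlaps(rem):
                findings.append(f"exported {exp} overlaps remote {rem}")
    return findings

# Constructed sample values, as they would be typed into the two fields.
EXPORTED = "192.168.1.0/24, 10.20.0.0/16"
REMOTE = "192.168.50.0/24,192.168.1.128/25, 172.16.5.9/24"

if __name__ == "__main__":
    exported, exp_errors = parse_networks(EXPORTED)
    remote, rem_errors = parse_networks(REMOTE)
    for line in exp_errors + rem_errors + review(exported, remote):
        print(line)
```

Run it against the planned values before clicking Save on the Server; an empty output means every entry parsed and no range is shared between the sites.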