Best choice for my scenario?

[veilsidebr]

Hello i have the current scenario:

3 Sites:

1st site: Headquarters
Is an OpenVPN client

2nd site: Branch office
Is an OpenVPN SERVER

3rd site: Branch Office (new one)



So far the 1st and 2nd sites are communicatig through the following manner:


Server .conf

remote "IP of the client
dev tun
ifconfig 10.0.0.1 10.0.0.2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
secret /etc/openvpn/key
comp-lzo
ping 15
port 5002
user nobody
group nobody
log-append logfile
verb 5


Client .conf

remote "IP of the server
dev tun
ifconfig 10.0.0.2 10.0.0.1
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
secret /etc/openvpn/key
comp-lzo
ping 15
port 5002
user nobody
group nobody
verb 5

As you can see my structure is based on a point to point tunnel. So far i wish to add a new vpn client (new office at 3rd site) but i don't know if it is possible at this scenario.

I have searched and saw that i can build a Server-multiclient structure with a different .conf file at both server and client, and also by generating some certificates and keys. That would be based on TLS and the server would give clients their address based on a defined subnet wrote at its .conf.

I don't know by which way should i go through to add a new client.

My goal is: Making the new VPN Client stabilish a VPN with the Headquarters (Current VPN Client) so i can create a domain trust relationship at my 2003's.

Remembering that the OpenVPN Server is at the branch office, not at headquarters.

Any help or suggestion would be greatly appreciated.

Best Regards,

Sammuel Moretto

[jledhead]

sounds like now would be a good time to switch the roles and put the vpn server at headquarters.