Site to site VPN issues

I've been trying to set up a site-to-site VPN for a while and I've sort of got it working, however it's far from perfect. Hoping for a few suggestions to get everything working properly.



Current setup

Site A - IP range is 192.168.0.x

VM Broadband (SuperHub)
ESXi box with Server 2012R2 (DC/DNS/DHCP)


Site B - IP range is 192.168.10.x

Sky Fiber (using the new black Sky router)
ESXi box with Server 2012R2 (DC/DNS/DHCP)



I installed LogMeIn Hamachi a while back (mesh network) on both 2012 servers and set a static route between them. This works fine between both machines and I can ping by hostname/IP without any issues. They also seem to replicate AD data without any problems. Both DCs can see client machines on their own side, however they can't see any machines on the other side unless Hamachi is installed on the client machine. I can ping or RDP to the client machines on each side by the Hamachi-assigned IP, however if I try by hostname it either tries to resolve to the local IP for the machine (if there is a DNS entry) before timing out, or doesn't resolve the host at all.


Is there an easy and free or fairly cheap way of sorting this (I feel like I'm missing something obvious)? Ideally I'd like to ditch Hamachi as it's no longer free and seems to be over-complicating things. I did try to set up a pfSense VM at either end a while ago, however I had issues on the Sky side (couldn't get a WAN IP to show). I was hoping, when I got fibre installed a few weeks ago, I'd be able to ditch the Sky router and use the Openreach one, but Sky seem to be doing all-in-one router/modems again so I'm stuffed there :mad:. I've started mucking about with SCCM, Lync and Exchange and these are all set up at site B, so I'm going to need them to be able to talk to site A without any issues as well.
 
Windows Server can do site-to-site pretty easily. Use it in combination with the AD sites tool to designate subnets to sites so AD knows what is on what side of the link.
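One way to carry out the sites-and-subnets step the reply describes, as an added example (not the poster's own configuration or anything from the thread): it creates a site per subnet in AD Sites and Services, links them, moves each DC into its site, and then verifies which site each DC reports. Site names, DC names, link cost and replication interval are assumed placeholders; run it on one DC as a Domain Admin.

```powershell
# Added example, not from the thread. Map the two subnets in the post to
# two AD sites so clients and DCs locate the DC on their own side of the link.
Import-Module ActiveDirectory

$sites = @{
    'SiteA' = '192.168.0.0/24'    # VM SuperHub side
    'SiteB' = '192.168.10.0/24'   # Sky side
}

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    $subnet = $sites[$site]
    # Subnet objects are named by their CIDR; skip if it already exists.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $site
    }
}

# One IP site link spanning the VPN; cost and interval are placeholders.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'SiteA-SiteB'")) {
    New-ADReplicationSiteLink -Name 'SiteA-SiteB' `
        -SitesIncluded 'SiteA', 'SiteB' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# Move each DC out of Default-First-Site-Name into its own site
# (DC names are placeholders).
Move-ADDirectoryServer -Identity 'DC-A' -Site 'SiteA'
Move-ADDirectoryServer -Identity 'DC-B' -Site 'SiteB'

# Verify: each DC should list the site matching its own subnet, and
# nltest on any member shows which site that machine resolved to.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
nltest /dsgetsite
```

If a DC still shows the default site after the move, check that its IPv4Address falls inside the subnet you assigned, since site lookup is done purely by subnet match.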
 
Right, set up everything using "Sites and Services" and after rebooting both DCs I could no longer RDP to them from the same subnet. I thought this may be to do with the original static routes I had set for Hamachi (and just Hamachi playing up in general), so I removed this and added the default gateways back in the adapter settings (somehow they had disappeared on each DC). I can now RDP and ping each DC from within its own subnet, however the DC on site B seems to have fallen out with me. I'm getting errors that a PDC can't be contacted if I attempt to open "Active Directory Domains & Trusts" (and get similar errors when trying to open anything AD related), and I also get an access denied error when trying to open DNS.


Anyway, assuming somehow site B's DC will be happy again once a link is established to site A, what's the best way of eliminating Hamachi altogether, seeing as I am stuck with dynamic WAN IPs? I have a DynDNS account which is pointing my domain to site B so I don't think I will have any problems there, but what about site A? I can't use the same DynDNS account for that as well, can I? Also, as I've just noticed, the SuperHub has no dynamic DNS options whatsoever, so doing stuff at router level is not going to work. I take it once I've got both IPs sorted a site-to-site setup through RRAS should work?
 