
I am trying to understand how you can use a VPN in the reverse direction. There are plenty of posts on here, spanning over 10 years, asking whether a tunnel is bidirectional, and there are lots of answers that say yes it is, but none of them give any specifics of how the routing works. I have the same question, but more about how the routing is done by the VPN itself.

My issue is actually related to two Synology NAS and Hyperbackup in both directions, but that's not really the question.

My scenario is this. I have a remote office with an unknown external IP address linked to a central office with a static external IP address. Let's say it's xxx.xxx.xxx.xxx.

In the central office there is a server on a fixed IP address, let's say 192.168.0.2.

As I implied, the central office operates on the 192.168.0.0/24 subnet, with the obvious 192.168.0.1 default gateway being the router. This router has an OpenVPN server and after setup specifies to use 10.8.0.0/16 as the client network and 1149 as the UDP gateway port. After setup the resultant .ovpn file can be exported.

I can then edit xxx.xxx.xxx.xxx in this file as the server's address (but I wouldn't be able to do the same the other way round because the IP is not fixed). The remote office operates on 192.168.1.0/24 with its default gateway there 192.168.1.1. This router has an OpenVPN client set up with the .ovpn file produced above. I believe you see on the head office router that this client has been allocated a single IP address in the 10.8.0.0/16 range, let's say 10.8.z.z.

The remote office also has a server on 192.168.1.2.

Normally this remote server is the Vault for backup of the data from the central server.

I suspect it is this Vault software that is responsible for establishing a connection over the VPN and sucking the backups. However, I want to back up some data in the opposite direction. In this case the Vault at the central office needs to connect to 192.168.1.2, backup software. When it does this, what does the central office router do? How does it know that 192.168.1.2 is via the specific 10.8.z.z IP address (there may be more than one remote office connected this way, and some genuine remote roaming staff connecting in to the central office too)? Do I have a problem if any of the users are also using the 192.168.1.0/16 range as their subnet?

So although I hear lots of people say yes, it does work bidirectionally, when it comes to a practical example I can't see how it's going to work. Can someone tell me?
