Veeam PN allows two types of scenarios: Point to Site and Site to Site VPN. In this article we’ll explore the first option connecting standalone devices to the production network using a Veeam PN Client. The Veeam PN client essentially is configuration file that VPN clients based on OpenVPN solution can use to connect to the corporate network. Veeam PN leverages the same technology and allows to manage multiple VPN connections. All connections and other settings can be easily managed from the same console.
In the case of Point to Site connection all it needs to be done is to create a “Client connection file”. This file is generated by Veeam PN and includes all settings with a certificate as well to encrypt the VPN tunnel connection. A single client connection file can be used as a profile for multiple devices. For example creating a connection file for the sales force working outside the main office, remote workers and even partners that require access to specific resources for collaboration. There are many use cases. All of them require a secure connection and Veeam PN client secures the connection to the production environment. It is useful also when using public networks. For example a WiFi area in Hotels and Airports and other public areas.
Is proving useful also for homelab scenarios. The option to easily connect to your environment and test or even show configurations and settings is priceless. Especially when meeting with customers.
Let’s take a look on how to create a Veeam PN client configuration file to use with OpenVPN client on a Windows machine.
Veeam PN client install for Windows
From the Veeam PN console Clients > Add section to start the wizard and create the client configuration file. In this case let’s choose the Standalone computer option. In reality the same configuration file can be shared across different devices and each one will be automatically assigned a different IP address from Veeam PN.
In this configuration we can specify the name of the connection. For example sales, partners and so on. In this example I’m creating a connection file for the laptop to connect to my homelab. By selecting the Hub option the connected Veeam PN Client will use the Veeam PN Hub as the main gateway for the internet traffic and more importantly use internal DNS in “remote network” to resolve all the names in the network. This is very useful. Internal firewalls can allow and deny connections to specific internal resources based on IP Addresses. This means that company users will be able to connect and “see” everything. External users like partners will be able to securely connect and only “see” the intended resources.
Veeam PN Client wizard is now complete with the creation of the OpenVPN client configuration file.
From the same view it is possible to create, edit, delete and manage specific client configuration files. Let’s download the configuration file and save it for later.
On the client we want to connect over VPN (Windows machine in this case) we can now install the OpenVPN client. The installation is straightforward and quick to complete.
Let’s accept the OpenVPN license agreement and proceed.
A default installation includes all the necessary components. Unless something different is desired we can proceed with default selection. Of course these settings can be changed at any time. OpenVPN service, TAP adapter and GUI are the most important.
Let’s choose the install location. It takes only a few MB in space.
OpenVPN client uses a “virtual network adapter” to create the tunneled connection and is using it’s own drivers for the new network adapter. Let’s accept and install the drivers.
The installation wizard is now ready to progress with the installation which takes only a few seconds. When completed a new icon will appear in the tray bar. With a right click we can import the Veeam PN client configuration file. Once imported we are ready to Connect using the same menu.
From the Veeam PN console we can now see the connected clients with nice real-time stats. The Performances section offers even more information. This article covered the Veeam PN client install for one device only. In reality, same configuration file can be shared across multiple machines. Each one will be automatically assigned an IP Address. This means we could create configuration files for different departments or partners and external users like remote workers.
What about DNS reolution. The client machine connects, but it can´t resolve local dns names.
thanks for your comment. I have seen a similar behavior when the local and remote network use the same IP Network. For example both local/remote use 192.168.1.x/24. In this the “router” on the VPN doesn’t know which one is which. By default the Veeam PN uses the 10.0.9.0/8 network.
After connecting to the Veeam PN HUB, assuming the IP Address is 10.0.9.2, (10.0.9.1 is the Veeam PN interface) you can simply add a static route. Something similar to this on a Windows client:
route add 192.168.1.0 MASK 255.255.255.0 10.0.9.2
After that DNS queries should work correctly. If you cannot reach the DNS into you internal (remote) network make sure to have the relative entries with FQDN names in Windows\Systems32\Drivers\etc\host file.
Hope this helps,