Creating a network via VPN over multiple locations

Question

I have three different locations (A, B, C) and one rented VPS (D). I want to create a virtual network so that all locations can reach each other. I've read up on VPN not but I've never set it up. As I understand it, OpenVPN is the recommended tool to use. I plan to use routers (Asus RT-AC66U to be precise) that support OpenVPN, on the three locations that I have access to (the VPS is rented so I don't control that network).

My questions are:

1. How do I set this up? Do all routers act as servers and clients, or should I consider one of the locations the server, and the rest clients? I.e. do I need A->B, A->C, A->D, B->A, B->C (and so on..) or should I use one as server (A for example) and set it up as B->A, C->A, D->A.

2. I only want to route the "local" traffic via VPN - the internet traffic doesn't need to pass through any other locations, because I fear that it would slow things down. Is this possible? If yes, do I have to configure this in all clients?

3. Is Hamachi a viable alternative to my proposed solution, and would you consider it a better or worse solution?

4. And lastly I have a question that might be difficult to answer. The VPS that is rented is only accessible to me via a VPN (pptp) that the provider has provided me with. Will it still be possible for that server to join this virtual network via OpenVPN?

Update: I want this to be a set-and-forget solution that is always up. Each location has approx 10+ clients (Windows computers, printers etc.) that need to be reachable from all locations. The routers are DHCP providers.

Answer 1

After receiving comments and suggestions this is what I consider the answer to my question:

1. Use one of the locations (preferably the VPS Server) as the OpenVPN server. Let the other locations be OpenVPN clients that connect to D. I.e. A->D, B->D, C->D. Use routing mode if you don't have specific broadcast needs (see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting).

2. Yes, you will have to set it up on the clients. How to do it depends on the client OS etc. See OpenVPN: Only route a specific IP addresses through VPN? and similar.

3. A worse solution since you want a set-and-forget solution. Hamachi is better for temporary networks or for clients that regularly change location.

4. You should be able to connect to it as long as your VPN is allowed through their firewall.

Answer 2

Hamachi is the easiest solution for what you need. practically, you create the network at any of the locations, set a password, then join it from any other location.

Since the VPN will depend on the target locations for client the configuration, it will be over-difficult to do what you want. An all towards one area solution is possible (like B->A, C->A, D->A in your example) and in this case clients would get IP addresses from the same subnet, therefore being accessible between each other, but there is no reason to over-complicate things.

-Updated after comments- In that case... open a browser and access router settings To set up the VPN server at one of the locations where you have such a router:

1. Click "VPN Server" on the Advanced Settings menu on the left panel.

2. On the "Enable PPTP Server" item, select "Enable".

3. Select type of Broadcast Support.

4. Select type of Force MPPE Encyrption.

5. Type a range of IP addresses for the VPN clients. Example: 192.168.10.2 to 192.168.10.12. Note that as a VPN server, the ASUS router can assign only a maximum number of ten IP addresses.

6. Input a username and password for VPN clients. A maximum of ten usernames and passwords can be added.

7. Apply and save everything and check your WAN address. That will be the address the rest of the clients will connect to.

8. From the other locations add the necessary info to the VPN client tab. More specifically, Manually set-up VPN - No software. Copy and paste the server IP address that you previously seen to be the WAN address of the server.

That's all.