[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] How to configure three-party bridged LAN?


  • Subject: [Openvpn-users] How to configure three-party bridged LAN?
  • From: Jacek Palka <jacek.palka@xxxxxxxxxxxx>
  • Date: Wed, 21 Mar 2007 07:30:20 +0100

Hi there,

 

I've been assigned a task to implement a VPN link for a smaller company. But because I'm newbie to OpenVPN I would appreciate some guidelines and advices.

 

The company has three offices that are supposed to be connected through VPN, say A, B and C. All sites connect to Internet through ADSL, currently with dynamic IP addresses, but can be "upgraded" to static ones, if necessary.

 

The prerequisites are as follow:

Site A: one server + some workstations + a couple of networks printers + simple hardware router to connect to Internet + a couple of wireless access points.

Site B: a couple of machines + network printer + similar router

Site C: currently only one computer directly connected to Internet, but there are expansion plans (additional machines and a network printer)

 

Additionally a couple of clients, "road warriors", should be possible to connect to the corporate LAN.

 

All computers run Windows XP Pro, even the server at site A - this is just a simple workgroup without any Windows domain. IP addresses are assigned by routers' DHCP, but at site A are bound to MAC addresses due to some services that rely on fixed IP's. Therefore, especially at site A, significant changes to the LAN structure are not recommended.

 

One more requirement is that it has to be possible to browse all the shared resources and printers on the entire LAN from any machine.

 

Therefore I was thinking about a bridged solution with OpenVPN server at site A installed on the existing server (with one NIC) behind the router. And similar at site B. But if necessary, it is possible to add additional machines, Windows or Linux.

 

But how to solve the three-part communication? Should both B and C be configured as clients and let the traffic between them always go through A? And how about the IP address space? Today all the addresses belong to the 192.168.0.x series. It is not a problem to devide it in three address spasm, but how about the routers? Do they need to have different addresses as well (today both have default 192.168.0.1 on the LAN side)?

 

Any tip would be appreciated.

Thanks in advance,

 

Jacek

 

------------------------------------------------------------------------------

CONFIDENTIALITY AND DISCLAIMER NOTICE

This e-mail, including any attachments, is confidential and intended only for
the addressee. If you are not the intended recipient, please notify us
immediately and delete this e-mail from your system. Any use or disclosure of
the information contained herein is strictly prohibited.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users