I've been assigned a task to implement a VPN link for
a smaller company. But because I'm newbie to OpenVPN I would appreciate
some guidelines and advices.
The company has three offices that are supposed to be
connected through VPN, say A, B and C. All sites connect to Internet through
ADSL, currently with dynamic IP addresses, but can be "upgraded" to
static ones, if necessary.
The prerequisites are as follow:
Site A: one server + some workstations + a couple of
networks printers + simple hardware router to connect to Internet + a couple of
wireless access points.
Site B: a couple of machines + network printer + similar
Site C: currently only one computer directly connected to
Internet, but there are expansion plans (additional machines and a network
Additionally a couple of clients, "road
warriors", should be possible to connect to the corporate LAN.
All computers run Windows XP Pro, even the server at site A
- this is just a simple workgroup without any Windows domain. IP
addresses are assigned by routers' DHCP, but at site A are bound to MAC
addresses due to some services that rely on fixed IP's. Therefore,
especially at site A, significant changes to the LAN structure are not
One more requirement is that it has to be possible to browse
all the shared resources and printers on the entire LAN from any machine.
Therefore I was thinking about a bridged solution with OpenVPN
server at site A installed on the existing server (with one NIC) behind the
router. And similar at site B. But if necessary, it is possible to add
additional machines, Windows or Linux.
But how to solve the three-part communication? Should both B
and C be configured as clients and let the traffic between them always go
through A? And how about the IP address space? Today all the addresses belong
to the 192.168.0.x series. It is not a problem to devide it in three address
spasm, but how about the routers? Do they need to have different addresses as
well (today both have default 192.168.0.1 on the LAN side)?
Any tip would be appreciated.
Thanks in advance,