Our company is considering our options wrt firewall and vpn solutions.
We have maybe 10-15 different sites distributed world-wide - 1 in Atlanta and others in China.
The major problem as I see it is that none of our sites have routable IP addresses. Here in China, such addresses come at a premium and so, IMO, we should minimise the number of them required in our vpn solution.
So, the way I see it, we could buy just one routable address which will be our vpn server, and have all the other sites as vpn clients with non-routable addresses.
Will this work?
The advantages of this solutions are mostly cost :
0) s/w is 'free' (although a donation would seem appropriate)
1) only 1 routable address required - other solutions seem to require routable addresses at all sites
2) no vpn client license fee - others solutions seem to require a fee for each client or for a batch of clients
3) no hardware costs - we can use previous generation general purpose computers that we already own to do the vpn codec'ing, and the hardware can be chosen to match the load - other solutions cost money for hardware and that hardware is less flexible in terms of matching the requirements of the site
4) the software is open, so we are not tied to any single manufacturer, which ensures our future choices
Disadvantages seem to be :
0) seems to require significant technical expertise to install and set up
1) somewhat reliant on the momentum of the developers - however, since it is open source, we could always pay someone to do further bug fixes etc
Could someone comment on the proposed single-server/multiple-client architecture?
Could someone comment/add to the advantages/disadvantages?
PS. other solutions being considered include 'netscreen 208' and 'sonicwall pro 4060'; the latter's documentation seems to suggest that it requires a routable IP - am I wrong?
____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users