
Re: [Openvpn-users] Re: advice

  • Subject: Re: [Openvpn-users] Re: advice
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Wed, 8 Dec 2004 00:08:53 -0500

On Tue, 07 Dec 2004 22:16:09 -0600, Charles Duffy <cduffy@xxxxxxxxxxx> wrote:
> On Wed, 08 Dec 2004 11:50:18 +0800, Max Waterman wrote:
> > So, the way I see it, we could buy just one routable address which will
> > be our vpn server, and have all the other sites as vpn clients with
> > non-routable addresses.
> >
> > Will this work?
> Yes.
> > Disadvantages seem to be :
> >
> > 0) seems to require significant technical expertise to install and set
> > up
> Not as much as most of the competing alternatives, in my experience.

As in any project of a large size, initial planning and preparation
will minimize the chances of failure.  I highly suggest developing
an understanding of the traffic flow and using that to create an IP
architecture and plan out the connections to minimize useless routing.

Consider hiring some help for the initial design and possible implementation.

> > 1) somewhat reliant on the momentum of the developers - however, since
> > it is open source, we could always pay someone to do further bug fixes
> > etc
> James has proven to be an excellent maintainer, and I understand that he
> is available for contract work. I'd strongly consider hiring him in the
> event that you need any such custom work done.
> > Could someone comment on the proposed single-server/multiple-client
> > architecture?
> The good news is that it'll work.
> The bad news is that the server with the routable IP is an extra hop
> between any of your sites. If you have a single site hosting your company
> servers, having the routable IP be there would mean you could avoid the
> efficiency penalty of bouncing out to a separate system.

I'm not 100% sure of the definition of what a non-routable IP is (I
have not looked into China's standards).  I'm guessing that they use
the private IPs as defined by RFC 1918, and depending on the exact

Leonard Isham, CISSP 
Ostendo non ostento.
