Leonard Isham wrote:
On Tue, 07 Dec 2004 22:16:09 -0600, Charles Duffy <cduffy@xxxxxxxxxxx> wrote:
On Wed, 08 Dec 2004 11:50:18 +0800, Max Waterman wrote:
So, the way I see it, we could buy just one routable address which will
be our vpn server, and have all the other sites as vpn clients with
Will this work?
Disadvantages seem to be :
0) seems to require significant technical expertise to install and set
Not as much as most of the competing alternatives, in my experience.
As in any project of a large size initial planning and preperation
will minimized the chances of failure. I highly suggest developinga
an understanding of the traffic flow and using that to create an IP
architecture and plan out the connections to minimize useless routing.
Indeed. I think there would be minimal traffic from site to site; only
traffic via email servers. Most traffic would be via the internet
gateway and to servers (smb, email) hosted at the same site as the vpn
Consider hiring some help for the initial design and possible implimentation.
OK. Perhaps James would be an ideal candidate. I'll think about it.
1) somewhat reliant on the momentum of the developers - however, since
it is open source, we could always pay someone to do further bug fixes
James has proven to be an excellent maintainer, and I understand that he
is available for contract work. I'd strongly consider hiring him in the
event that you need any such custom work done.
Could someone comment on the proposed single-server/multiple-client
The good news is that it'll work.
The bad news is that the server with the routable IP is an extra hop
between any of your sites. If you have a single site hosting your company
servers, having the routable IP be there would mean you could avoid the
efficiency penalty of bouncing out to a separate system.
I'm not 100% sure of the definition of what a non-routable IP is (I
have not looked into China's standards). I'm guessing that they use
the private IPs as defined by RFC 1918, and depending on the exact
By 'non-routable' I mean addresses in ranges such as 192.168.x.x and
10.x.x.x; our ISPs have given us addresses in the latter range, and
(some of) our lans use the former range.
I don't think China has any relevant standards that are different to
ones in the US. I was hoping we could avoid the IPv4 routable IP address
problem by using IPv6, but it doesn't look like that is ready for
service just yet.
Openvpn-users mailing list