
Re: [Openvpn-users] Re: advice



Leonard Isham wrote:
On Tue, 07 Dec 2004 22:16:09 -0600, Charles Duffy <cduffy@xxxxxxxxxxx> wrote:

On Wed, 08 Dec 2004 11:50:18 +0800, Max Waterman wrote:


So, the way I see it, we could buy just one routable address which will
be our vpn server, and have all the other sites as vpn clients with
non-routable addresses.

Will this work?

Yes.


Disadvantages seem to be :

0) seems to require significant technical expertise to install and set
up

Not as much as most of the competing alternatives, in my experience.


As in any project of a large size, initial planning and preparation
will minimize the chances of failure.  I highly suggest developing
an understanding of the traffic flow and using that to create an IP
architecture and plan out the connections to minimize useless routing.

Indeed. I think there would be minimal traffic from site to site; only traffic via email servers. Most traffic would be via the internet gateway and to servers (smb, email) hosted at the same site as the vpn server.



Consider hiring some help for the initial design and possible implementation.

OK. Perhaps James would be an ideal candidate. I'll think about it.



1) somewhat reliant on the momentum of the developers - however, since
it is open source, we could always pay someone to do further bug fixes
etc

James has proven to be an excellent maintainer, and I understand that he is available for contract work. I'd strongly consider hiring him in the event that you need any such custom work done.


Could someone comment on the proposed single-server/multiple-client
architecture?

The good news is that it'll work.

The bad news is that the server with the routable IP is an extra hop
between any of your sites. If you have a single site hosting your company
servers, having the routable IP be there would mean you could avoid the
efficiency penalty of bouncing out to a separate system.



I'm not 100% sure of the definition of what a non-routable IP is (I
have not looked into China's standards).  I'm guessing that they use
the private IPs as defined by RFC 1918, and depending on the exact
architecture...

By 'non-routable' I mean addresses in ranges such as 192.168.x.x and 10.x.x.x; our ISPs have given us addresses in the latter range, and (some of) our LANs use the former range.


I don't think China has any relevant standards that are different to ones in the US. I was hoping we could avoid the IPv4 routable IP address problem by using IPv6, but it doesn't look like that is ready for service just yet.

Thanks.

Max.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
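
An added example, not part of the original thread: a small address-plan check for the single-server/multiple-client layout discussed above. It confirms every subnet is RFC 1918 and reports overlapping pairs (site LANs, ISP-assigned ranges, the tunnel subnet), since overlapping ranges cannot be routed unambiguously through the VPN server. The site names and subnets in `PLAN` are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges (the "non-routable" addresses in the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: names and subnets are assumptions, not from the thread.
PLAN = {
    "vpn-tunnel": "10.8.0.0/24",     # subnet used inside the tunnel
    "hq-lan": "192.168.1.0/24",      # site hosting the VPN server
    "site-a-lan": "192.168.2.0/24",
    "site-a-isp": "10.8.0.0/16",     # ISP-assigned private uplink range
    "site-b-lan": "192.168.1.0/24",  # same default range as HQ
    "site-b-isp": "10.44.0.0/16",
}


def is_rfc1918(net):
    """True if the network lies entirely inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def check_plan(plan):
    """Return (names of non-private subnets, list of overlapping name pairs)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    public = sorted(name for name, net in nets.items() if not is_rfc1918(net))
    overlaps = sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2)
        if net_a.overlaps(net_b)
    )
    return public, overlaps


if __name__ == "__main__":
    public, overlaps = check_plan(PLAN)
    for name in public:
        print(f"not RFC 1918: {name} ({PLAN[name]})")
    for a, b in overlaps:
        print(f"overlap: {a} ({PLAN[a]}) <-> {b} ({PLAN[b]})")
```

Any reported overlap needs renumbering or NAT at one end before routes for that range are sent across the tunnel.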