
Re: [Openvpn-users] Re: advice


  • Subject: Re: [Openvpn-users] Re: advice
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Wed, 8 Dec 2004 02:36:23 -0700 (MST)

On Wed, 8 Dec 2004, Max Waterman wrote:

> Charles Duffy wrote:
> > On Wed, 08 Dec 2004 11:50:18 +0800, Max Waterman wrote:
> > 
> > 
> >>So, the way I see it, we could buy just one routable address which will
> >>be our vpn server, and have all the other sites as vpn clients with
> >>non-routable addresses.
> >>
> >>Will this work?
> > 
> > 
> > Yes.
> > 
> > 
> >>Disadvantages seem to be :
> >>
> >>0) seems to require significant technical expertise to install and set
> >>up
> > 
> > 
> > Not as much as most of the competing alternatives, in my experience.
> > 
> > 
> >>1) somewhat reliant on the momentum of the developers - however, since
> >>it is open source, we could always pay someone to do further bug fixes
> >>etc
> > 
> > 
> > James has proven to be an excellent maintainer, and I understand that he
> > is available for contract work. I'd strongly consider hiring him in the
> > event that you need any such custom work done.
> > 
> > 
> >>Could someone comment on the proposed single-server/multiple-client
> >>architecture?
> > 
> > 
> > The good news is that it'll work.
> > 
> > The bad news is that the server with the routable IP is an extra hop
> > between any of your sites.
> 
> I don't anticipate this being a problem. The network will only be used 
> for routing email, and perhaps access to some central servers (eg email, 
> smb) - the main traffic is likely to be http through the central 
> internet gateway. I suppose I could use some automatic proxy rules to 
> route local Chinese traffic via local site gateways, and US traffic via 
> a gateway located in the US.
> 
> That last bit sounds a bit complicated.
> 
> > If you have a single site hosting your company
> > servers, having the routable IP be there would mean you could avoid the
> > efficiency penalty of bouncing out to a separate system.
> 
> Right. That was the intention, though it is all very conceptual at this 
> stage.
> 
> The idea of contracting this James person is starting to grow on me. 
> I'll have to look into it.

I think what you're trying to do is fairly straightforward to accomplish
with OpenVPN 2.0.  It's possible to set up the server with a single global
IP address and UDP or TCP port, and then access the server from clients 
which exist behind NAT gateways.

James
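
A configuration sketch of the layout discussed in this thread (one hub with a routable address, site gateways behind NAT), added here as an illustration and not taken from the original messages or from the OpenVPN project. The host name, subnets, file names and the certificate name `site-a` are constructed assumptions; directives are those of the OpenVPN 2.0 era.

```conf
# ---- hub: server.conf (the one host with a routable address) ----
port 1194                  # the single port exposed to the Internet
proto udp
dev tun
ca ca.crt                  # private CA; each site gets its own certificate
cert hub.crt
key hub.key                # private key, readable by root only
dh dh2048.pem
tls-auth ta.key 0          # discard packets without the shared HMAC key before TLS starts
server 10.8.0.0 255.255.255.0            # tunnel address pool (constructed)
client-config-dir ccd                    # per-site settings, looked up by certificate CN
route 192.168.20.0 255.255.255.0         # kernel route: site A's LAN is reached via the tunnel
push "route 192.168.10.0 255.255.255.0"  # hub LAN, announced to every site
push "route 192.168.20.0 255.255.255.0"  # site A's LAN, announced to the other sites
client-to-client           # sites reach each other through the hub (the extra hop).
                           # This traffic is forwarded inside OpenVPN and never reaches
                           # the hub's firewall; omit the directive and forward via the
                           # tun interface if inter-site traffic must be filtered.
keepalive 10 120           # pings every 10 s, pushed to clients; keeps NAT mappings alive
persist-key
persist-tun
user nobody                # drop privileges after startup
group nobody

# ---- hub: ccd/site-a (file name = CN of site A's certificate) ----
iroute 192.168.20.0 255.255.255.0        # this subnet lives behind the client "site-a"

# ---- site A gateway: client.conf (behind NAT, non-routable address) ----
client
dev tun
proto udp
remote vpn.example.com 1194   # constructed name for the hub's routable address
nobind                        # outbound only; no port forward needed on the NAT gateway
resolv-retry infinite
ca ca.crt
cert site-a.crt
key site-a.key
tls-auth ta.key 1
ns-cert-type server           # reject peers whose certificate is not marked as a server
                              # (later releases use remote-cert-tls server instead)
persist-key
persist-tun
```

Each site gateway also needs IP forwarding enabled, and hosts on each LAN need a route to the other subnets via their local gateway.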
