Leonard Isham wrote:
Assuming your WAN is mostly a star layout, then the centre of that star will
have the public IP and run the OpenVPN server, with all of the other sattelite
sites connecting to it. As it's UDP or TCP traffic, NAT isn't an issue where
it might be with other commercial products.
A Star my bottlenect the traffic at one site. Knowing the normal
communication flows would allow you to design a network infrastrucrure
that would work more efficiently. I'm guessing a distributed hub and
spoke would work best.
But would mean we would need a routable IP address at each site.
Reducing costs - especially ongoing ones - is crucial, IMO.
I have to admit it was those two that sent me in the direction of OpenVPN in
the first place. I'd looked at FreeS/WAN for some time, but (probably due to
my lack of familiarity with IPSEC) decided against it. I've not looked back.
I ran into someone on the Fedora list that switched from FreeS/WAN to
OpenVPN and "hasn't looked back."
Nice to hear :)
By 'non-routable' I mean addresses in ranges such as 192.168.x.x and
10.x.x.x; our ISPs have given us addresses in the latter range, and
(some of) our lans use the former range.
It is common practice among all ISPs to provide private IPs unless the
business is willing to pay a premium for the public IP addesses. In
these cases there is actually 1 public IP address assigned per
business customer on the outside interface of the router and the
internat IP addresses are NATed behind them.
I could be wrong, but, when I lived in the US, I thought that we all
were given routable (public, in your parlance) addresses; this way we
could host our own servers etc.
You might want to try http://www.ipaddress.com/ from all the sites
several times and see if they always get the same IP, and if it is
different for each site.
It is certainly different for each site. We might be lucky and get two
that share the same IP address, but some of the sites are in different
If this is actually what is happening I would
see if they will route inbound traffic based on ports (then you would
be able to use any site as a hub.
Nope - they won't do this - though I would guess it is worth a try to
make sure. A lot of things get lost in translation.
If they don't have public IPs, but yoy can do access the computers at
another site by IP then they apparently us private IPs for the entire
ISP and you wouldn't need to worry about the connections when you have
a common ISP.
Nope :( They even have different subnets and don't route between them :(
Worst possible case, I fear :(
Thanks though :)
Openvpn-users mailing list