
[Openvpn-users] network/openvpn design suggestions?


  • Subject: [Openvpn-users] network/openvpn design suggestions?
  • From: "Aaron P. Martinez" <ml@xxxxxxxxxxxxxx>
  • Date: Mon, 20 Dec 2004 16:32:18 -0600

I'm in the process of setting up an OpenVPN deployment between two
offices.  Currently there is a PTP FT1 between the offices that we want
to do away with.  I'm wondering if there is a recommended or 'best
practice' network design to follow.  I don't want OpenVPN running on my
firewalls as I don't have any services except ssh running on them.
Below is a description of the simple setup.

+----------+  +--------+ |n| +-----------+
|linux     |--|T1      |-|t|-|linux      |
|router/NAT|  +--------+ |e| |router/NAT/|
|          |  +--------+ |r| |   firewall|
+----/-----+--|dsl     | |n| +-----/-----+
     |        +--------+ |e|      |
     |                   |t|      |
+----\---------+   point +-+ +----\---------+
|192.168.0.0/24----  to -----|192.168.1.0/24|
|   LAN        |   point     |   LAN        |
+--------------+             +--------------+

This is how I think I want it to look, but any suggestions or
information is what I'm after.

                         +-+
                         |i|
                         |n|
+----------+  +--------+ |t| +-----------+       +-----------+
|linux     |--|T1      |-|e|-|linux      |  DMZ  |open       |
|router/NAT|  +--------+ |r| |router/NAT/|-------|vpn        |
|          |  +--------+ |n| |   firewall|       |machine    |
+--------/-+--|dsl     | |e| +-----------+       +-----/-----+
     |   |    +--------+ |t|      |
     |D  |               +-+      |
     |M  |                        |
     |Z  |                        |
+-------+|                        |
|open   ||                        |
|vpn    ||                        |
|machine||                 +------\-------+
+-------+|                 |192.168.1.0/24|
         |                 |   LAN        |
         |                 +--------------+
         |
+--------\-----+
|192.168.0.0/24|
|   LAN        |
+--------------+ 

Does this look right?  Sorry for my bad ASCII art.

Thanks in advance.

Aaron Martinez

Attachment: signature.asc
Description: This is a digitally signed message part