
Re: [Openvpn-users] Implementing VPN with Dynamic IPs

  • Subject: Re: [Openvpn-users] Implementing VPN with Dynamic IPs
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Thu, 23 Dec 2004 09:16:34 -0500

On Thu, 23 Dec 2004 11:21:34 +0530, R. S. Patil
<kpr_rspatil@xxxxxxxxxxxxx> wrote:
> Dear Friends,
> I posted a similar mail on various lists and Mr. Leonard Isham
> recommended OpenVPN strongly for my needs. I visited the
> OpenVPN page and I have subscribed to this list. I have
> very little experience in establishing WANs. My experience
> is limited to configuring Linux (Suse 8.2 and RH 9) for
> LANs using SAMBA, Wine and dial-in server configuration
> with mgetty. What I want to do is as follows.
> We have many branch offices, some traveling persons and
> a few third-party corporate S/W developers who are supposed
> to solve some S/W related problems remotely.
> HO has about 20 to 30 nodes and branches have 5 to 10 nodes.
> All have Linux servers and an RDBMS based C/S application.
> All nodes are having W9x/XP running on them. At present
> traveling persons and S/W dial in to each place separately
> and perform the tasks they are supposed to do.
> Recently Internet facility is being introduced by an ISP at
> all the locations in slabs of 128K, 256K, 512K, 1M speed.
> This facility is available with dynamic IP addresses. No fixed
> IP is offered right now. The internal IPs within the LAN are as follows:
> 10.x.y.1 for Server and Nodes 10.x.y.11 onwards.
> where x = int(Branch Code/100) y = mod(Branch Code/100)
> Branch Code is 100 For HO and 110, 120 like for branches
> e.g. HO server is and Nodes ......
>       Branch Server is and Nodes ......
> Now we want to establish a VPN with minimal investment. The data
> sharing between branches is very limited at present like viewing
> stocks, transferring documents files, extending software related support
> entering requests for any stock transfers etc. etc. But we wish to
> avail Internet facility for all the Users. A user from one branch
> should be using an application in his own branch to full extent
> but he will be using a downscaled application in another branch
> with local database at respective sites. We are not planning a
> centralized data warehouse like concept. But for support purpose
> we need to have access to any node from any place.
> What I derived by reading material related to VPN and OpenVPN
> is as Follows
> <--- Nodes ----> 10.1.0.* Network (HO)
> |    |    |    |
> +----+----+----+->  Server  ->   VPN Gateway   -> Internet
>            (Samba & Firewall)   (Firewall & NAT)
> <--- Nodes ----> 10.1.10.* Network (Branches)
> |    |    |    |
> +----+----+----+->  Server  ->   VPN Gateway   -> Internet
>            (Samba & Firewall)   (Firewall & NAT)
> ....... remaining Branches
> <--- Nodes ----> 192.168.*.* Network (Vendors)
> |    |    |    |
> +----+----+----+->  Server  ->   VPN Gateway   -> Internet
>            (Samba & Firewall)   (Firewall & NAT)
> Can somebody suggest to me
> what OpenVPN S/W components I should have and a better firewall?
> When the VPN is established and all the branches are connected to
> the Internet, will every node be able to see the whole network in
> Network Neighborhood?
> (Essential requirement is pinging every node and running RealVNC on it)
> Will a user of any branch be able to connect to a database in another
> branch and pass some queries and get data back?
> I will be very grateful if some more reading material,
> howtos and case studies (if somebody has already done this) URLs are suggested.
> Thanks and Best Regards.
> R. S. Patil


For your configuration you will need to understand routing, setting up
WINS on the Windows systems to use Samba, and Samba sharing IP/naming
between sites.  I would also recommend going with one of the version 2
Release Candidates.

You will need to use a Dynamic DNS provider (www.dyndns.org and
www.no-ip.com) for at least one site, possibly more than one.  This
would depend on your WAN design, which depends on your traffic
patterns, available bandwidth and other factors.

The article page has many good references from high level to details. 
The v2 release notes are valuable, as well as the MAN page (available
on-line).  The mailing list (which you found) and archives are
extremely valuable as well.

I think that should get you started.  

Leonard Isham, CISSP
Ostendo non ostento.
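
The routing and dynamic DNS points above, worked through for the address plan in the question, as an added example that is not part of the original thread. It assumes a hub-and-spoke layout with the HO as an OpenVPN 2.x server and one client per branch gateway (the thread leaves the WAN design open); the host name and the `branchNNN` client names are constructed placeholders, and only the routing-related directives are generated.

```python
import ipaddress

HUB_DDNS_NAME = "ho.example.invalid"  # constructed placeholder for the HO's dynamic DNS name

def branch_subnet(code):
    """LAN of a branch under the poster's plan: 10.x.y.0/24 with
    x = int(code / 100) and y = code mod 100."""
    x, y = divmod(code, 100)
    if not 0 <= x <= 255:
        raise ValueError(f"branch code {code} gives second octet {x}")
    return ipaddress.ip_network(f"10.{x}.{y}.0/24")

def spec(net):
    """Network in the 'address netmask' form OpenVPN route directives take."""
    return f"{net.network_address} {net.netmask}"

def build_configs(hub_code, branch_codes):
    """Routing-related directives keyed by file name, for the assumed
    hub-and-spoke layout (HO as server, one client per branch gateway)."""
    nets = {hub_code: branch_subnet(hub_code)}
    for code in branch_codes:
        if code in nets:
            raise ValueError(f"branch code {code} listed twice")
        nets[code] = branch_subnet(code)
    # client-to-client lets the hub relay branch-to-branch traffic.
    files = {"server.conf": ["client-config-dir ccd", "client-to-client"]}
    for code in branch_codes:
        # Hub kernel route towards this branch's LAN via the tunnel.
        files["server.conf"].append(f"route {spec(nets[code])}")
        # The ccd file name must equal the client certificate's common name
        # (hypothetical names here). iroute binds the LAN to this client;
        # every other LAN is pushed to it, never its own.
        ccd = [f"iroute {spec(nets[code])}"]
        ccd += [f'push "route {spec(n)}"' for c, n in nets.items() if c != code]
        files[f"ccd/branch{code}"] = ccd
    # Branches reach the hub by name: keep retrying DNS, accept address changes.
    files["client.conf"] = [f"remote {HUB_DDNS_NAME}", "resolv-retry infinite", "float"]
    return files

if __name__ == "__main__":
    for name, lines in build_configs(100, [110, 120]).items():
        print(f"# {name}")
        print("\n".join(lines))
```

Each branch gateway also needs IP forwarding enabled, and its LAN hosts need a route to the other 10.x.y.0/24 networks through it; firewall rules on the tunnel interface decide which of those routes are actually usable.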
