[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] pptp over openvpn


  • Subject: [Openvpn-users] pptp over openvpn
  • From: "Aaron P. Martinez" <ml@xxxxxxxxxxxxxx>
  • Date: Wed, 26 Jan 2005 18:42:51 -0600

I'm not sure if this is completely absurd but i thought i'd ask the
group.  

I have 2 openvpn machines running as a p-t-p between two offices using
tls instead of shared key and am happy/not concerned at all with this. 
I also need to allow roaming internet users to vpn to the machines at
the central office and then go out to the lan at this location. 
Currently i have planned to put this machine on the DMZ and just allow
traffic from the vpn to cross freely.  I'm pushing back a wins server
address so that they can browse the network after they are through the
router.

I will be using tun devices because my current lan is almost out of IPs
(class c network and using about 200 of them currently)  making tap not
an option (unless of course I don't understand the tap scenario).  all
of the remote clients are currently using pptp to connect with allows
them perfect integration with the W2K ras server using active directory
and doesn't take up any ip's on my lan.  

Now what i was thinking is that instead of putting my vpn server on the
dmz, i move it to the lan and let the remote users establish a
connection using openvpn and then have them run their pptp connection
over that.  They would maintain the windows integration and at the same
time have an extra level of security as well.  Since i'm allowing the
traffic from openvpn to pass freely onto the lan anyway, is there any
additional security risk here?

Will this scenario slow the connections down to an unusable level?  As i
asked before, is this just absurd?

Any suggestions welcome,

Thanks,

Aaron Martinez


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users