[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] bridging windows

  • Subject: Re: [Openvpn-users] bridging windows
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Wed, 20 Jul 2005 07:40:53 -0400

On 7/19/05, Richard Pickett <Richard.Pickett@xxxxxxxxxxxxxxxxxxx> wrote:
> I've been using openvpn client-to-client and network-to-network for over
> a year now without any problems. Now I have a little tricky project that
> has come up and could use your advice.
> I have 4 remote offices. They all have one or two windows boxes at each
> location. Each has dsl to the internet and I plan on putting a linux
> router at each site and use openvpn to connect them all.
> They don't have a domain or wins server, nor can I talk them into one at
> this point (I would just do a samba server that plays DC, but they don't
> want to fork out the money at this point).
> They want to be able to browse every computer on their networks and
> share hard-drives over the vpn.
> I've got bridging up and running on a test bed of mine, so I know how to
> configure it (but may need some help because it's my first time doing
> bridging).
> One office in particular has a computer that will be shared by all the
> other offices.
> What I'm wondering about is how windows and browsing will like network
> segments.  Should I give each office their own segment and link each
> office to each other office and let the vpn handle the routing down the
> appropriate vpn? When someone browses, how will their box pick up the
> other network segments?
> OR
> Should I put all of the offices in the same segment and let openvpn tie
> all of them together? It sounds kinda messy but I'm thinking when
> windows broadcasts it's browse messages at least the broadcasts will
> make it to each office and the responses should come back across the
> vpns, tricking the browsing box into thinking all those other boxes are
> right there on his local segment.
> What's the right way to do this?
> Thanks for any insight.

I avoid bridging if at all possible. Windows broadcasts would make
this ugly.  Picture lost packets and:
1. systems "flapping" showing up and disapearing
2. Master Browsers Wars and ending up with multiple master browsers

I would route and use lmhosts files on the computers, located in
C:\WINDOWS\system32\drivers\etc or to be more generic (IIRC)
%SystemRoot%\system32\drivers\etc.  MS has details on how it works and
how to enable it.

Leonard Isham, CISSP 
Ostendo non ostento.

Openvpn-users mailing list