[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Feasibility of a VPN configuration

  • Subject: [Openvpn-users] Feasibility of a VPN configuration
  • From: Chris Clarke <clarkec8@xxxxxxxxxxx>
  • Date: Fri, 5 Oct 2007 10:45:46 +0000
  • Importance: Normal

I've been looking into a VPN solution and have been really impressed by what I've seen so far from OpenVPN.
As a first project into the VPN arena, I think what I'm attempting is a bit ambitious but I thought I'd put it out here and see if any of you good people could advise me on this.
I have to provide remote working to 2 groups of people.  Some will be individuals connecting in from home etc (Roadwarriors essentially) and the others are setting up small (<4 computers) remote offices.  I was initially going to configure all these to be the same and have them all acting as roadwarriors but there is some interest in using network printers at the offices and possibly IP telephony too.
Is it feasible to set up a situation where I can use a gateway machine to effectively create this

Main LAN -- OpenVPN Server --Internet -- Broadband router --  OpenVPN client           ----- Small LAN
10.x.x.x (DMZ)         192.168.40.x

                                         Broadband router --  OpenVPN client           ----- Small LAN

                                         Broadband router --  OpenVPN client           ----- Small LAN

                                         Broadband router --  XP Machine with Client

XP machine issued with IP from a roadwarrior pool of IP's
All clients will be XP machines but I want to use Linux for the OpenVPN server and the client at the office.  It's also vitally important that when connected to the VPN, all traffic must go over that connection.
I'd also really like it if the users of the road warrior machines could be authenticated via RADIUS as we have an RSA SecurID server that can function as a RADIUS server.  I've looked at the PAM module for this and it looks promising for this function.
On another point, does anyone have any real life figures to what throughput you can get through an OpenVPN server using 128 or 256bit AES?  Clearly this depends on CPU etc but some examples would be great!
If someone could advise if this is feasible I'd appreciate it.
Thanks for your help
Chris C

The next generation of MSN Hotmail has arrived - Windows Live Hotmail