
Re: [Openvpn-users] Feasibility of a VPN configuration


  • Subject: Re: [Openvpn-users] Feasibility of a VPN configuration
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Fri, 05 Oct 2007 13:29:16 +0000


Chris Clarke wrote:
> Hi,
>  
> I've been looking into a VPN solution and have been really impressed by
> what I've seen so far from OpenVPN.
>  
> As a first project into the VPN arena, I think what I'm attempting is a
> bit ambitious but I thought I'd put it out here and see if any of you
> good people could advise me on this.
>  
> I have to provide remote working to 2 groups of people.  Some will be
> individuals connecting in from home etc (Roadwarriors essentially) and
> the others are setting up small (<4 computers) remote offices.  I was
> initially going to configure all these to be the same and have them all
> acting as roadwarriors but there is some interest in using network
> printers at the offices and possibly IP telephony too.

For the offices I would use a small OpenVPN appliance; you can use a
small Linux distro running off a flash disk, for example.

If you need remote printing you will have to assign proper routing to
these offices.

>  
> Is it feasible to set up a situation where I can use a gateway machine
> to effectively create this
> 
> Main LAN -- OpenVPN Server --Internet -- Broadband router --  OpenVPN client           ----- Small LAN
> 10.x.x.x   192.168.30.2 (DMZ)            192.168.254.1     192.168.254.2 192.168.40.1       192.168.40.x
>  
>                                          Broadband router --  OpenVPN client           ----- Small LAN
>                                          192.168.254.1     192.168.254.2 192.168.41.1       192.168.41.x
>  
>                                          Broadband router --  OpenVPN client           ----- Small LAN
>                                          192.168.254.1     192.168.254.2 192.168.43.1       192.168.43.x
>  
>                                          Broadband router --  XP Machine with Client
>                                          192.168.254.1     192.168.254.2 (192.168.60.x)

>  
> XP machine issued with IP from a roadwarrior pool of IPs

sure

>  
> All clients will be XP machines but I want to use Linux for the OpenVPN
> server and the client at the office.  It's also vitally important that
> when connected to the VPN, all traffic must go over that connection.

see above

>  
> I'd also really like it if the users of the road warrior machines could
> be authenticated via RADIUS as we have an RSA SecurID server that can
> function as a RADIUS server.  I've looked at the PAM module for this and
> it looks promising for this function.

>  
> On another point, does anyone have any real life figures to what
> throughput you can get through an OpenVPN server using 128- or 256-bit
> AES?  Clearly this depends on CPU etc but some examples would be great!

Your typical Intel processor nowadays has sufficient beef for the
broadband one typically can afford. I run mine on 233 MHz embedded
machines with a SC1100. Some ARM-based systems appear to have issues
with context switching, so passing data from kernel to userspace may be
an issue. I have no figures though.

cheers
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
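
The routing the reply refers to, written out as a server-side configuration for the address plan in the question. This is an added example, not part of the original thread: the certificate common names (office40, office41, office43), the file names, the plugin path and the PAM service name are assumptions.

```conf
# server.conf on the OpenVPN server (192.168.30.2 in the DMZ)
port 1194
proto udp
dev tun

# File names below are assumed
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Roadwarrior pool: XP clients are issued addresses from 192.168.60.0/24
server 192.168.60.0 255.255.255.0

# Kernel routes on the server towards each office LAN behind a client
route 192.168.40.0 255.255.255.0
route 192.168.41.0 255.255.255.0
route 192.168.43.0 255.255.255.0

# Per-client files, named after the client certificate's common name.
# Without the matching iroute, OpenVPN drops packets for an office LAN
# even though the kernel route above exists.
client-config-dir ccd

# While connected, every client sends all of its traffic into the tunnel
push "redirect-gateway def1"

cipher AES-256-CBC
keepalive 10 120

# Username/password check through PAM (for example a PAM service that
# uses RADIUS). Path and service name are placeholders. The plugin
# applies to every client of this server instance, offices included.
;plugin /PATH/TO/openvpn-auth-pam.so openvpn

# ---- ccd/office40 ----
# iroute 192.168.40.0 255.255.255.0
# ---- ccd/office41 ----
# iroute 192.168.41.0 255.255.255.0
# ---- ccd/office43 ----
# iroute 192.168.43.0 255.255.255.0
```

IP forwarding has to be enabled on the server and on each office client, and hosts on the main LAN need return routes for 192.168.40.0/24, 192.168.41.0/24, 192.168.43.0/24 and 192.168.60.0/24 via the OpenVPN server, otherwise replies to the offices and roadwarriors never reach the tunnel.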