Re: [Openvpn-users] Feasibility of a VPN configuration

  Subject: Re: [Openvpn-users] Feasibility of a VPN configuration
  From: Erich Titl <erich.titl@xxxxxxxx>
  Date: Fri, 05 Oct 2007 13:29:16 +0000

Chris Clarke wrote:
> Hi,
> I've been looking into a VPN solution and have been really impressed by
> what I've seen so far from OpenVPN.
> As a first project into the VPN arena, I think what I'm attempting is a
> bit ambitious but I thought I'd put it out here and see if any of you
> good people could advise me on this.
> I have to provide remote working to 2 groups of people.  Some will be
> individuals connecting in from home etc (Roadwarriors essentially) and
> the others are setting up small (<4 computers) remote offices.  I was
> initially going to configure all these to be the same and have them all
> acting as roadwarriors but there is some interest in using network
> printers at the offices and possibly IP telephony too.

For the offices I would use a small OpenVPN appliance; you can use a
small Linux distro running off a flash disk, for example.

If you need remote printing you will have to assign proper routing to
these offices.

> Is it feasible to set up a situation where I can use a gateway machine
> to effectively create this
> Main LAN -- OpenVPN Server -- Internet -- Broadband router -- OpenVPN client ----- Small LAN
> 10.x.x.x (DMZ)                                                                     192.168.40.x
>                                           Broadband router -- OpenVPN client ----- Small LAN
>                                                                                    192.168.41.x
>                                           Broadband router -- OpenVPN client ----- Small LAN
>                                                                                    192.168.43.x
>                                           Broadband router -- XP Machine with Client
>                                                               (192.168.60.x)

> XP machine issued with IP from a roadwarrior pool of IP's


> All clients will be XP machines but I want to use Linux for the OpenVPN
> server and the client at the office.  It's also vitally important that
> when connected to the VPN, all traffic must go over that connection.

see above

> I'd also really like it if the users of the road warrior machines could
> be authenticated via RADIUS as we have an RSA SecurID server that can
> function as a RADIUS server.  I've looked at the PAM module for this and
> it looks promising for this function.

> On another point, does anyone have any real life figures to what
> throughput you can get through an OpenVPN server using 128 or 256bit
> AES?  Clearly this depends on CPU etc but some examples would be great!

Your typical Intel processor nowadays has sufficient beef for the
broadband one typically can afford. I run mine on 233 MHz embedded
machines with a SC1100. Some ARM based systems appear to have issues
with context switching, so passing data from kernel to userspace may be
an issue. I have no figures though.
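
The office routing and the "all traffic over the VPN" requirement discussed in this thread, as an added example that is not from either poster. The office subnets are the ones in the diagram; the tunnel pool, the certificate file names and the client names `office40`, `office41` and `office43` are assumptions.

```conf
# ---- server.conf (OpenVPN server at the main site) ----
port 1194
proto udp
dev tun

# Certificate material (constructed file names).
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Same cipher must be set on every client.
cipher AES-256-CBC

# Tunnel address pool for road warriors and office gateways (constructed
# value; choose a range that overlaps neither the main LAN nor any office LAN).
server 172.16.100.0 255.255.255.0

# Kernel routes on the server host: traffic for the office LANs goes into
# the tunnel device.
route 192.168.40.0 255.255.255.0
route 192.168.41.0 255.255.255.0
route 192.168.43.0 255.255.255.0

# Per-client files, each named after the common name of that client's
# certificate. The iroute lines below tell OpenVPN which connected client
# owns which office subnet.
client-config-dir ccd

# Every client replaces its default route with the tunnel, so all of its
# traffic crosses the VPN while connected.
push "redirect-gateway def1"

keepalive 10 120
persist-key
persist-tun

# ---- ccd/office40 (hypothetical common name of the first office gateway) ----
# iroute 192.168.40.0 255.255.255.0

# ---- ccd/office41 ----
# iroute 192.168.41.0 255.255.255.0

# ---- ccd/office43 ----
# iroute 192.168.43.0 255.255.255.0
```

The `iroute` lines are shown commented only because they belong in the separate `ccd/` files, not in `server.conf`. IP forwarding has to be enabled on the server and on each office gateway, and hosts on the main LAN need a route to the office subnets via the OpenVPN server for printers at the offices to be reachable.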

