Hi, I'm planning to deploy OpenVPN. I think it's a fairly simple use case: field workers need to connect to their desktop when they are out of the office. They will connect using Remote Desktop on Windows machines. The office network looks like: Linux Server acting as firewall, and a small LAN.
I believe I've come up with 2 possible ways of doing this, and I'm wondering if others may have some feedback on what I'm proposing.
Scenario #1: Set up an OpenVPN server on each of the client machines (only 3 or 4) on the local LAN. Set up port forwarding on the firewall so that incoming requests for their respective ports are forwarded to the local LAN IP. I would use the TUN interface in this case.
Scenario #2: Set up OpenVPN on the Linux machine. In this case, I'd have to set it up with TAP so the field workers could see other computers on the network. Then, they would just use the IP address of their computer on the local LAN.
I'm still not sure I entirely understand the TUN/TAP concept. Any advice would be appreciated, Thanks
Advice on openvpn deployment
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
Re: Advice on openvpn deployment
TAP devices are layer 2 devices, meaning that you can use a TAP device to do bridging.
TUN devices are layer 3 devices, meaning that you can use them only for routing scenarios.
I recommend you use routing in your VPN.
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Dec 17, 2011 3:50 pm
Re: Advice on openvpn deployment
Thanks for the reply Michael.
Just to follow up, what are your thoughts on deploying an OpenVPN server to individual client machines? I'm only anticipating a few machines, and it won't be scaling up anytime soon.
Also, if I were to set up the OpenVPN server on the Linux machine, and I used routing, is it possible for each client to remote desktop into their own machines? For example, User A has machine at 192.168.1.10 and User B has machine at 192.168.1.18. Once they connect to the VPN, can I have them both remote in to their own machine? I'm guessing I'd have to set up some forwarding rules in iptables?
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
Re: Advice on openvpn deployment
If you have 2 PCs inside your LAN which need to be accessible from OpenVPN clients,
it is very easy to accomplish this by using a routing scenario.
My suggestion is to use certificates.
PS: the only downside/problem you might face is if your local LAN has a commonly used IP range (e.g. 192.168.1.0).
Michael.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Dec 17, 2011 3:50 pm
Re: Advice on openvpn deployment
Ok, thanks. I'm not sure I entirely understand all of what you said, but I'll continue working on it and post back if I run into any issues
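A sketch of the routed (TUN) setup with certificates recommended earlier in this thread, added here as an example and not taken from any poster's configuration. It prints a server config, per-certificate address pins, and firewall rules that let each field worker reach only their own desktop over Remote Desktop; the VPN subnet 10.8.0.0/24, the common names userA/userB, the key file names and the tun0 interface are assumptions.

```shell
#!/bin/sh
# Added example with constructed values; prints config and rules, applies nothing.
VPN_NET=10.8.0.0; LAN_NET=192.168.1.0; MASK=255.255.255.0  # VPN subnet is assumed

# certificate CN : fixed VPN address : that user's desktop (CNs and VPN IPs assumed)
CLIENTS="userA:10.8.0.10:192.168.1.10
userB:10.8.0.18:192.168.1.18"

# Routed (tun) server config with certificate authentication.
server_conf() {
  cat <<EOF
dev tun
topology subnet
server $VPN_NET $MASK
push "route $LAN_NET $MASK"
ca ca.crt
cert server.crt
key server.key
dh dh.pem
client-config-dir ccd
ccd-exclusive
EOF
}

# Contents of ccd/<CN>: pins a VPN address to the certificate's common name.
ccd_entry() {
  echo "$CLIENTS" | while IFS=: read -r cn vpn_ip desktop; do
    if [ "$cn" = "$1" ]; then echo "ifconfig-push $vpn_ip $MASK"; fi
  done
}

# FORWARD rules: each VPN address may reach only its own desktop on RDP (3389).
# The firewall also needs net.ipv4.ip_forward=1.
fw_rules() {
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "$CLIENTS" | while IFS=: read -r cn vpn_ip desktop; do
    echo "iptables -A FORWARD -i tun0 -s $vpn_ip -d $desktop -p tcp --dport 3389 -j ACCEPT"
  done
  echo "iptables -A FORWARD -i tun0 -j DROP"
}

server_conf
for cn in userA userB; do echo "# ccd/$cn"; ccd_entry "$cn"; done
fw_rules
```

If a field worker's home network also uses 192.168.1.0/24, the pushed route collides with it, which is the address-range caveat raised in the thread.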
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Dec 17, 2011 3:50 pm
Re: Advice on openvpn deployment
Hi, I just wanted to follow up after I got my deployment working.
Michael, the routing worked as you described, and it actually turned out to be a fairly straightforward process to configure.
Thanks again
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
Re: Advice on openvpn deployment
Glad to have helped you out.
Closing topic.
Michael.