New User - Proposal

Posted: Wed Jul 20, 2011 3:55 pm
by micklacey
Hey guys, I'm not sure this is possible.

Basically I need to change from Hamachi as it is giving me a load of trouble, and OpenVPN seems to fit what I'm looking for.

Basically I want my LAN to be able to connect to remote customer sites over a VPN that is always on, for DB checks etc.
Hamachi in theory would be great, but we are having a load of problems with it on DB resyncs etc.

So my question is: would the following diagram be a feasible setup for this type of config?
What would the scalability be for 1 server - 100 clients etc.?
Also, would my LAN guys need a VPN client installed, or could the OpenVPN box act as a router in that way, considering my switches are layer 3?

Anyways, thanks for your help. Very appreciated.

Image

Re: New User - Proposal

Posted: Thu Jul 21, 2011 5:36 am
by Mimiko
Hello.

It's possible. Assuming that the computers on your LAN have their default gateway set to the switch, then configure the switch to NAT all packets for 172.16.0.0/16 back to the LAN interface and destination (gateway) to 172.16.0.1 (the OpenVPN server's IP).

Code:

Route add 172.16.0.0 mask 255.255.0.0 172.16.0.1 metric 1 if x
x - LAN interface on switch,
and NAT it.

Or add on every LAN computer a route for 172.16.0.0/16 to gateway 172.16.0.1.

Code:

Route add 172.16.0.0 mask 255.255.0.0 172.16.0.1 metric 1

Re: New User - Proposal

Posted: Thu Jul 21, 2011 12:16 pm
by maikcat
Hi there,

My suggestions:

You can create a basic server mode OpenVPN installation and simply push a route for your internal LAN to the OpenVPN clients (100 clients are handled perfectly).
If you don't want your clients to see your internal LAN, you can simply filter out traffic ON the OpenVPN server itself.
If you want connections made from your internal LAN clients to seem to come from the VPN server itself, you can create a static NAT entry on the OpenVPN server itself.

You must also add a static route to the LAN PCs' default gateway for the OpenVPN subnet...

cheers,

Michael.
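
The suggestions in the reply above, sketched as a shell script; this is an added example, not part of the original thread. The LAN (192.168.1.0/24), the tunnel subnet (10.8.0.0/24), the interface names and the function names are all assumptions, since the thread's diagram is not available.

```shell
#!/bin/sh
# Added example, not from the thread. Every address and interface name below
# is an assumed placeholder; substitute the real values before use.
LAN_NET="192.168.1.0"; LAN_MASK="255.255.255.0"; LAN_CIDR="$LAN_NET/24"
VPN_NET="10.8.0.0";    VPN_MASK="255.255.255.0"; VPN_CIDR="$VPN_NET/24"
VPN_SRV_IP="10.8.0.1"  # the server's own address inside the tunnel subnet
LAN_IF="eth0"; TUN_IF="tun0"

# server.conf lines for a server-mode setup that pushes the LAN route.
# Certificate and key directives (ca, cert, key, dh) are left out here.
server_conf() {
  cat <<EOF
dev tun
server $VPN_NET $VPN_MASK
# Only needed if clients must route to the LAN; with the SNAT rule below
# they only ever see $VPN_SRV_IP and the push can be dropped.
push "route $LAN_NET $LAN_MASK"
keepalive 10 120
EOF
}

# Firewall commands for the OpenVPN box, printed so they can be reviewed
# before being applied.
fw_rules() {
  cat <<EOF
# Also required: a static route for $VPN_CIDR on the LAN's default gateway,
# pointing at this box's LAN address.
sysctl -w net.ipv4.ip_forward=1
# LAN hosts may open connections to VPN clients (the always-on DB checks).
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -s $LAN_CIDR -d $VPN_CIDR -j ACCEPT
# Replies to those connections are allowed back in.
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything else arriving from a client is dropped: clients cannot open
# connections into the LAN or (without client-to-client) to each other.
iptables -A FORWARD -i $TUN_IF -j DROP
# LAN-originated traffic appears to come from the VPN server itself.
iptables -t nat -A POSTROUTING -s $LAN_CIDR -o $TUN_IF -j SNAT --to-source $VPN_SRV_IP
EOF
}

# Print both parts when invoked as: sh script.sh print
if [ "${1:-}" = "print" ]; then server_conf; fw_rules; fi
```

The FORWARD rules match the LAN source address because SNAT in POSTROUTING is applied after the forwarding decision.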