Site to Site OpenVPN
Posted: Sun Oct 09, 2011 3:23 pm
Hi all,
I need some help.
Please excuse my English, since it is not my native language.
I promise to write a very detailed tutorial about this after a successful implementation in 2 weeks and post it here.
Also, I ask you not to point me to another link or tutorial unless it covers my question exactly. I've already read 2 books (Beginning OpenVPN and OpenVPN Cookbook), yet I still have to clarify some points.
We have a virtual LAN from our ISP with 14 subnets, one per branch, like 10.0.23.0/30. The first IP is the gateway and the second one is assigned to the OpenVPN server. Every branch has 3 workstations plus the OpenVPN server. The link at the main site is 1024 Kbps; the branches have 256 Kbps. At the main site we have several servers: Database, Web, Active Directory, DNS, DHCP, NTP, etc.
Figure 1. WAN
So, we need to join all our sites together. Additionally, my boss doesn't want to keep certificates on each PC, so I decided to set up a site-to-site VPN, where no server or workstation except the OpenVPN boxes knows about the VPN, and they communicate with each other directly.
Workstation PCs must obtain their IP from the DHCP server and log in to the Active Directory (Windows 2003) domain. After login they are allowed to connect to the Web server.
I know there is a method called Ethernet bridging, but the authors of the books advised avoiding Ethernet bridging. I can't imagine how to achieve my purpose without bridging.
So here are my questions:
1. Is it a good idea to use Ethernet bridging? If not, which way should I follow?
2. I don't want my client sites to communicate with each other; only the main site must be reachable from the workstations. I suppose with bridging this is not possible?
3. How do I assign IP addresses to our workstations behind the OpenVPN servers directly from our DHCP server (with the proper gateway and DNS) so they can log in to AD?
4. Should I have a DHCP relay on each OpenVPN server in routing mode to pass DHCP offers/requests between the workstations and the DHCP server?
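The routed (tun) hub-and-spoke layout the questions above circle around, as an added example that is not part of the original post or of any reply in the thread. It generates the hub's OpenVPN server config (one iroute per branch via client-config-dir, deliberately without client-to-client), a branch client config, the hub firewall rules that drop branch-to-branch forwarding, and the per-branch box commands (IP forwarding plus an ISC dhcrelay invocation). All addresses beyond the 10.0.23.0/30 example in the post are assumptions: the VPN pool 10.8.0.0/24, the main-site LAN 10.0.0.0/24 with the DHCP/AD server at 10.0.0.10, the hub's WAN address 10.0.1.2, branch LANs 192.168.N.0/24 behind interface eth1, and certificate CNs of the form branchN.

```shell
#!/bin/sh
# Added example (not from the post). Assumed addressing, see the lead-in:
HUB_WAN="10.0.1.2"                      # assumed: hub's address on the ISP VLAN
HUB_LAN="10.0.0.0 255.255.255.0"        # assumed: main-site LAN
DHCP_SERVER="10.0.0.10"                 # assumed: Windows 2003 DHCP/AD server
BRANCHES="21 22 23"                     # constructed list; the post has 14 branches

# Hub /etc/openvpn/server.conf. Routed mode: each branch LAN is its own
# subnet, so no bridging is needed. client-to-client is intentionally
# absent: inter-branch packets then pass through the hub kernel, where
# iptables (hub_firewall below) can drop them.
hub_conf() {
  cat <<EOF
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
ca ca.crt
cert hub.crt
key hub.key
dh dh.pem
tls-auth ta.key 0
cipher AES-256-CBC
remote-cert-tls client
client-config-dir /etc/openvpn/ccd
ccd-exclusive
push "route $HUB_LAN"
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
EOF
  # kernel route into tun0 for every branch LAN (iroute alone is not enough)
  for n in $BRANCHES; do
    echo "route 192.168.$n.0 255.255.255.0"
  done
}

# Contents of /etc/openvpn/ccd/branchN (file name = client cert CN):
# tells OpenVPN which LAN sits behind that certificate.
ccd_entry() { echo "iroute 192.168.$1.0 255.255.255.0"; }

# Branch box /etc/openvpn/client.conf; only this box holds a certificate,
# the workstations behind it know nothing about the VPN.
branch_conf() {
  cat <<EOF
client
dev tun
proto udp
remote $HUB_WAN 1194
nobind
ca ca.crt
cert branch$1.crt
key branch$1.key
tls-auth ta.key 1
cipher AES-256-CBC
remote-cert-tls server
persist-key
persist-tun
EOF
}

# Hub firewall: branches may open connections to the main-site LAN only;
# tun0 -> tun0 (branch to branch) is dropped. Main-site hosts also need a
# route for 192.168.N.0/24 via the hub's LAN address.
hub_firewall() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i tun0 -o tun0 -j DROP
iptables -A FORWARD -i tun0 -o eth0 -d 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Branch box: forward between eth1 and tun0 and relay DHCP. The relay sets
# giaddr to its eth1 address (192.168.N.1), which is how the central DHCP
# server selects the 192.168.N.0/24 scope; that scope hands out
# router=192.168.N.1 and DNS=the main-site DNS, so AD logon works.
branch_box_cmds() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
dhcrelay -i eth1 $DHCP_SERVER
EOF
}

case "${1:-}" in
  hub)      hub_conf ;;
  ccd)      ccd_entry "$2" ;;
  branch)   branch_conf "$2" ;;
  firewall) hub_firewall ;;
  box)      branch_box_cmds ;;
esac
```

Usage: `sh vpn-gen.sh hub > server.conf`, `sh vpn-gen.sh ccd 23 > ccd/branch23`, `sh vpn-gen.sh branch 23 > client.conf`. The central DHCP server still needs one scope per branch subnet; the relay's giaddr, not bridging, is what lets it pick the right one.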