Want to establish VPN in a Organization Pease Help

[raja_s_patil]

Hello,

We are Software developers and we have a client using our software in Lan for more than a decade.
They have a HO and about 20+ branches. As of today they have Linux DB server which also has
samba server and Windows clients (98/xp) are running Delphi application. Each branch has independent
database which is updated by Branch staff. Each Branch has 5 to 15 nodes in lan.

Now they plan to run application on Linux with help of wine so each node will be a Kubuntu with samba server
on each M/C to share files between each other at branch level. The Database at each branch will be replicated
to HO and HO will have a Central MIS application which Branch staff should have access. Ho will be having
a Fixed IP Internet connection and branches will be having Broadband Internet connections.

We have read about OpenVPN long back so proposed to have VPN so that Replication data will be moving
through secured tunnel plus Branch/HO staff can browse Total Network in "network neighborhood"
(equivalent in Linux) and share files between each other securely. Well we foresee speed problems though.
The client has requested us to study this option in detail and discuss pro and cons in few days time.
What we plan to do is to have different work group names for each branch so that while browsing
network one can easily identify branch and its nodes.

Naturally VPN will be of Spoke-Hub(HO) topology and at gross level, we are aware of how OpenVPN is Configured.
With this information we have few queries please help up in that.

1. is it necessary to have different ip ranges for each branch. Like B1 - 10.66.1.0/24, B2 10.66.1.0/24 ....
tunnel end points we will use 10.77.1.0/24 range.
2. When Different Workgroups are used for each Branch, will network Browser be able to show Branch M/Cs
grouped under that group name. A small test we conducted on a Lan with same ip range but windows
machines were given different workgroups they were shown as expected on Linux M/C.
3. Whether we should use TAP or TUN ?
4. When one branch is accessing Other branch Data/File/resources will whole traffic pass through HO server ?
5. How do you Find this plan or would like to suggest something different design with OpenVPN.

Thanks and warm regards

Raja

[sunshine1708]

Great idea! Good luck!

[Mimiko]

1. Just setup the sites with desired IPs. The tunnel will have a different IP pool just for connection.
2. Its all up to samba server.
3. Using samba for netbrowsing and wins resolutions the TUN in routed mode is preferable for les perfomance ippact.
4. Yes. The main OpenVPN server will have to be the powest with more large bandwith connection.

[ultraman]

This tips are really very helpful. Thanks for the post.

[Marianne Johnson]

Thanks for this useful tips. [Link Removed for advertising]