[NTLUG:Discuss] Looking for a VPN solution

Jack Snodgrass jack+ntlug at mylinuxguy.net
Thu Aug 21 21:47:11 CDT 2003


On Thu, 21 Aug 2003 17:27:38 -0500, Thomas Cameron wrote:

> All -
> 
> I have a client who has three offices.  The main one has static IP
> addresses.  The two others have dynamic IP addresses (RoadRunner).  I need
> all three to be able to access resources on each of the other networks.  We
> are currently using Windows 2000 PPTP tunnels and not liking it at all.
> 
> I am looking at NetGear VPN routers, but I can't get a clear answer as to
> whether they would allow the two dynamically addressed sites to see each
> other.
> 
> I see the $50 PCs at Discount Electronics, and I am thinking a FreeS/WAN
> solution might be the way to go.  However, I've never used FreeS/WAN before
> and the preliminary look I've taken isn't reassuring.
> 
> Any VPN gurus out there who have done anything like this before and can make
> recommendations?  I need something which will be easy to set up and
> maintain, which is why the NetGear solution looks pretty good.
> 
> Thanks,
> Thomas

I've had real good luck with vtund ( http://vtun.sourceforge.net/ ) 

When you say 'dynamically addressed'... do these addresses change on
an hourly basis or just every once in a while? I do a vpn with vtund
and my sites use DHCP. Whenever I get a new IP Address on my servers, 
I update the address on a central server that doesn't change its
IP Address. As part of my vtund connection script, I get the 'latest' 
IP Address of the remote server from the central server. If the 
link goes down... when I reconnect, I re-query the server to get the 
IP Address again. 

When you say 'sites to see each other'.... are you talking TCP packets 
or UDP? I don't know if UDP packets go transparently across VPN networks
like these or not. I think that you'd set up something like

MAIN  - 172.16.14.0 / netmask 255.255.255.0
Remt1 - 172.16.15.0 / netmask 255.255.255.0
Remt2 - 172.16.16.0 / netmask 255.255.255.0

now... you'd use vtund and establish tunnels like
main <--> Remt1
main <--> Remt2
Remt1 <--> Remt2

this way, each site can talk directly to the other sites. 


jack 
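
Added example, not code from the original post or from the vtun project: a shell wrapper for the lookup-then-connect loop Jack describes. It assumes a hypothetical central server that publishes "site address" lines over HTTP at CENTRAL_URL, and a vtund session already defined in /etc/vtund.conf.

```shell
#!/bin/sh
# Added example, not from the original post: wrapper that re-fetches the
# remote site's current address from a fixed-address central server before
# each vtund connection attempt, and again whenever the link drops.
# Assumed (hypothetical): the central server serves "site ip" lines over
# HTTP at CENTRAL_URL, and the session name exists in /etc/vtund.conf.

CENTRAL_URL="http://registry.example.invalid/sites"   # hypothetical
SESSION="remt1"      # vtund session for this tunnel, also the registry key
RETRY_SECS=60

# Accept only a well-formed dotted-quad IPv4 address (four octets, 0-255),
# so a garbled or tampered registry entry is never handed to vtund.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# Read registry text on stdin and print the address registered for a site.
# Returns non-zero when the site is missing or its entry is not a valid IP.
lookup_site_ip() {
    ip=$(awk -v s="$1" '$1 == s { print $2; exit }')
    [ -n "$ip" ] && valid_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Connection loop: query the registry, then run vtund in the foreground (-n)
# so the loop only advances when the tunnel ends. vtund's own persist mode
# would reconnect, but not re-resolve a changed address. Not run under test.
run_tunnel() {
    while :; do
        if remote=$(curl -fsS "$CENTRAL_URL" | lookup_site_ip "$SESSION"); then
            echo "connecting $SESSION via $remote"
            vtund -n -f /etc/vtund.conf "$SESSION" "$remote"
        else
            echo "no valid address for $SESSION in registry, retrying" >&2
        fi
        sleep "$RETRY_SECS"
    done
}

# Constructed sample of what the central server might publish.
SAMPLE_REGISTRY='main  203.0.113.10
remt1 198.51.100.23
remt2 not-an-ip'
```

The site that updates its own entry on the central server needs an authenticated write path; anyone who can change a registry line can redirect where the tunnel is attempted, which is why the script refuses anything that is not a plain IPv4 address.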

