|
|
Chris Clarke wrote: > Hi, > > I've been looking into a VPN solution and have been really impressed by > what I've seen so far from OpenVPN. > > As a first project into the VPN arena, I think what I'm attempting is a > bit ambitious but I thought I'd put it out here and see if any of you > good people could advise me on this. > > I have to provide remote working to 2 groups of people. Some will be > individuals connecting in from home etc (Roadwarriors essentially) and > the others are setting up small (<4 computers) remote offices. I was > initially going to configure all these to be the same and have them all > acting as roadwarriors but there is some interest in using network > printers at the offices and possibly IP telephony too. For the offices I would use a small OpeVPN appliance, you can use a small linux distro running of a flash disk, for example. If you need remote printing you will have to assign proper routing to these offices. > > Is it feasible to set up a situation where I can use a gateway machine > to effectively create this > > Main LAN -- OpenVPN Server --Internet -- Broadband router -- OpenVPN > client ----- Small LAN > 10.x.x.x 192.168.30.2 (DMZ) 192.168.254.1 192.168.254.2 > 192.168.40.1 192.168.40.x > > Broadband router -- OpenVPN > client ----- Small LAN > 192.168.254.1 > 192.168.254.2 192.168.41.1 192.168.41.x > > Broadband router -- OpenVPN > client ----- Small LAN > 192.168.254.1 192.168.254.2 > 192.168.43.1 192.168.43.x > > Broadband router -- XP Machine > with Client > 192.168.254.1 192.168.254.2 > (192.168.60.x) > > XP machine issued with IP from a roadwarrior pool of IP's sure > > All clients will be XP machines but I want to use Linux for the OpenVPN > server and the client at the office. It's also vitally important that > when connected to the VPN, all traffic must go over that connection. see above > > I'd also really like it if the users of the road warrior machines could > be authenticated via RADIUS as we have an RSA SecurID server that can > function as a RADIUS server. I've looked at the PAM module for this and > it looks promising for this function. > > On another point, does anyone have any real life figures to what > throughput you can get through an OpenVPN server using 128 or 256bit > AES? Clearly this depends on CPU etc but some examples would be great! Your typical intel processor nowadays has sufficient beef for the Broadband one typically can afford. I run mine on 233 Mhz embedded machines with a SC1100. Some ARM based systems appear to have issues with context switching, so passing data from kernel to userspace may be an issue. I have no figures though. cheers ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |