|
|
Erich,
Thank you for your comments, it's very helpful. Could you clarify what you mean by "proper routing" though?
Thanks
Chris C
> Date: Fri, 5 Oct 2007 13:29:16 +0000
> From: erich.titl@xxxxxxxx
> To: clarkec8@xxxxxxxxxxx
> CC: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Feasibility of a VPN configuration
>
>
>
> Chris Clarke wrote:
> > Hi,
> >
> > I've been looking into a VPN solution and have been really impressed by
> > what I've seen so far from OpenVPN.
> >
> > As a first project into the VPN arena, I think what I'm attempting is a
> > bit ambitious but I thought I'd put it out here and see if any of you
> > good people could advise me on this.
> >
> > I have to provide remote working to 2 groups of people. Some will be
> > individuals connecting in from home etc (Roadwarriors essentially) and
> > the others are setting up small (<4 computers) remote offices. I was
> > initially going to configure all these to be the same and have them all
> > acting as roadwarriors but there is some interest in using network
> > printers at the offices and possibly IP telephony too.
>
> For the offices I would use a small OpeVPN appliance, you can use a
> small linux distro running of a flash disk, for example.
>
> If you need remote printing you will have to assign proper routing to
> these offices.
>
> >
> > Is it feasible to set up a situation where I can use a gateway machine
> > to effectively create this
> >
> > Main LAN -- OpenVPN Server --Internet -- Broadband router -- OpenVPN
> > client ----- Small LAN
> > 10.x.x.x 192.168.30.2 (DMZ) 192.168.254.1 192.168.254.2
> > 192.168.40.1 192.168.40.x
> >
> > Broadband router -- OpenVPN
> > client ----- Small LAN
> > 192.168.254.1
> > 192.168.254.2 192.168.41.1 192.168.41.x
> >
> > Broadband router -- OpenVPN
> > client ----- Small LAN
> > 192.168.254.1 192.168.254.2
> > 192.168.43.1 192.168.43.x
> >
> > Broadband router -- XP Machine
> > with Client
> > 192.168.254.1 192.168.254.2
> > (192.168.60.x)
>
> >
> > XP machine issued with IP from a roadwarrior pool of IP's
>
> sure
>
> >
> > All clients will be XP machines but I want to use Linux for the OpenVPN
> > server and the client at the office. It's also vitally important that
> > when connected to the VPN, all traffic must go over that connection.
>
> see above
>
> >
> > I'd also really like it if the users of the road warrior machines could
> > be authenticated via RADIUS as we have an RSA SecurID server that can
> > function as a RADIUS server. I've looked at the PAM module for this and
> > it looks promising for this function.
>
> >
> > On another point, does anyone have any real life figures to what
> > throughput you can get through an OpenVPN server using 128 or 256bit
> > AES? Clearly this depends on CPU etc but some examples would be great!
>
> Your typical intel processor nowadays has sufficient beef for the
> Broadband one typically can afford. I run mine on 233 Mhz embedded
> machines with a SC1100. Some ARM based systems appear to have issues
> with context switching, so passing data from kernel to userspace may be
> an issue. I have no figures though.
>
> cheers
>
> Erich
Are you the Quizmaster? Play BrainBattle with a friend now!
|
|