VPN - basic knowledge / info about typical VPN configuration

dlugasx · 07-19-2010, 06:26 AM

Hi Gurus,

in my network all of my servers based on RedHat 5 and Centos 5.
Right now my boss told me that I have to connect two offices in two diffrent countries using VPN: Office Berlin and Office Hamburg.

In both offices we have huge local networks but in Office Berlin we have more services like (FileServer (samba), Database(oracle), some groupware).Lets say that Berlin is headquater.

How should I configure the VPN that people from both offices would be visible in LAN ? Is it possible ?

What kind of server / clients should I use ?

How to share for example fileserver based on samba thru VPN ?
Will it be visible in the LAN ? Or should I prepare special configuration ?

Would be great if somebody can explain me how its working in his network. Till now I have used only ssh to communicate between offices.

dlugasx

marozsas · 07-19-2010, 07:26 AM

Hi !

For this scenario I would recommend a gateway with VPN capabilities built-in.
You need one VPN gateway in each office. In each office the local network must use a different network number (I mean, 192.168.1.0/24 for Berlin, 192.168.2.0/24 for Hamburg - the real numbers doesn't matter, they just need to be different).

With this kind of setup, one in Berlin can open a windows share in Hamburg just using a network resource like "\\192.168.2.1\share". Other services will work as expected, you just need to use the IP of the server of the remote office.

AFAIK, application that rely on broadcast/multicast of IP does not work in this setup. For instance, you need a DHCP server for each office. Auto discovery of devices and services in several programs will not work too.

You don't need to configure anything in any server or client in the local networks. This is very similar to the regular routing. Think on VPN gateway as a router that knows the local network in the remote end, routing packets from/to in a secure way. So the communication between the branchs are very "transparent" for the computers and servers on the local network.

I use for this setup an opensource software-based gateway named Smoothwall (www.smoothwall.org) that I think is very good. It has the Inter-Office VPN feature built-in.

They have a commercial version too, with several support plans that your company may appreciate (like 24h support, phone support, etc). There is a appliance too. Please, check www.smoothwall.com
I never used the commercial version, don't take my advice as a strong recommendation, just as a suggestion based on what I know of the software-based opensource/community version.

The market is full of similar solutions, most are appliances. Names that come to my mind are SonicWall, Watchguard, Check Point Firewall One, among others.

dlugasx · 07-19-2010, 08:01 AM

Quote:

Originally Posted by marozsas

Hi !

For this scenario I would recommend a gateway with VPN capabilities built-in.
You need one VPN gateway in each office. In each office the local network must use a different network number (I mean, 192.168.1.0/24 for Berlin, 192.168.2.0/24 for Hamburg - the real numbers doesn't matter, they just need to be different).

With this kind of setup, one in Berlin can open a windows share in Hamburg just using a network resource like "\\192.168.2.1\share". Other services will work as expected, you just need to use the IP of the server of the remote office.

AFAIK, application that rely on broadcast/multicast of IP does not work in this setup. For instance, you need a DHCP server for each office. Auto discovery of devices and services in several programs will not work too.

You don't need to configure anything in any server or client in the local networks. This is very similar to the regular routing. Think on VPN gateway as a router that knows the local network in the remote end, routing packets from/to in a secure way. So the communication between the branchs are very "transparent" for the computers and servers on the local network.

I use for this setup an opensource software-based gateway named Smoothwall (www.smoothwall.org) that I think is very good. It has the Inter-Office VPN feature built-in.

They have a commercial version too, with several support plans that your company may appreciate (like 24h support, phone support, etc). There is a appliance too. Please, check www.smoothwall.com
I never used the commercial version, don't take my advice as a strong recommendation, just as a suggestion based on what I know of the software-based opensource/community version.

The market is full of similar solutions, most are appliances. Names that come to my mind are SonicWall, Watchguard, Check Point Firewall One, among others.

Thanks for nice explanations! This what I was looking for

Thank You very much