
tedcox 12-28-2006 10:26 PM

Merging two LANs with OpenVPN across the Internet
I'm trying to figure out how to use VPN to add one small network (less than 10 machines) to another (also less than 10). Both Networks are in different states, with different ISPs. Basically, I would like to use a VPN pipe to make all the machines local from a network perspective. Ideally, I would like them to still route out their respective ISP pipes for internet queries.

Here is the topography as it stands now:

LAN A is routed by a CentOS 4.3 machine which acts as the OpenVPN server.
eth0 connects to the internet.
br0 is a bridge to all of the local LAN interfaces:
  • eth1 - local wired ethernet connections
  • wlan0 - local slow wireless connections (802.11b)
  • ath0 - local fast wireless connections (802.11a)
  • tap0 - virtual VPN interface

LAN B is routed by a Westell modem. I would like to replace this with a Linux box, but am unable to at this time. However, there is a Sparcstation 4 on LAN B running Aurora 2.0b2 which has OpenVPN installed and is able to connect to LAN A.

Currently the Sparc machine can see all the machines on LAN A. Machines on LAN A are able to talk to the Sparc. However no other machines on LAN B can communicate with LAN A and nothing on LAN A can talk past the Sparc.

It seems to me that lots of corporations these days are connecting satellite offices to their LANs using VPN. So this should be possible, but I am at a loss to figure it out.

What I have tried:
1) Bridging the physical eth0 adapter on the Sparc with its virtual (tap0) adapter. This broke VPN completely.
2) Building a static route table so that machines would see the Sparcstation as the route for connection to the IP space on the VPN. This didn't break VPN, but would not get traffic past the tap0 interface on the Sparc.

Is there a Howto out there to help me do this that I am missing? Everything I can find seems to be a client connection to a LAN. I can't find an example of a Network connecting to another Network via VPN. Thoughts, ideas, and suggestions are appreciated. Also, I only have until the 1st to get it working. After that, I have to go back to Real Life (TM).


fotoguy 12-29-2006 11:16 PM

I haven't yet set up a VPN but I know they can be quite frustrating to get enough information and to set one up properly. My suggestion would be to download a free dedicated firewall application called IPCOP. I used IPCOP for over 3 years just as a firewall, and it has VPN through IPSEC support and can connect either network to network or client to network.

It uses a web-based configuration interface which is really easy to use, so you should be able to set up an IPCOP firewall at both locations and set up the VPN. This is probably the easy way out, but it should save you a lot of headaches and then you know both sites are secure.

Though it may be worth a mention.

tedcox 12-30-2006 09:31 AM

I just want to clarify... Are you saying IPCOP will let us seamlessly merge the two LANs? Or simply that it will allow VPN? We already have VPN working successfully, so I'm focused on the former.


tedcox 12-30-2006 10:39 AM

OK. I did a little looking, and unless I'm missing something, IPCOP is a complete Linux distro. So I would have to reroll both machines. I'm just looking to add a function to machines that are already running and doing a great job.

All times are GMT -5.