There are several local branch offices and one headquarters; each of these is configured with a LAN/Intranet behind a gateway (firewall, routing, etc.). Each branch office has traffic to headquarters for accessing some internal servers. In addition, there is occasional access from one branch office to another.
Goal: we want each gateway to each gateway to be a VPN connection. However, traffic via LAN is not expected to be VPNed.
Is it better to configure this VPN to be bridged or routed?
As to connections, it seems there are two options:
1. For each LAN, create a point-to-point VPN between its gateway and every other LAN's gateway.
pros: it meets our goal to have a VPN between pairs of gateways.
cons: I have little experience with OpenVPN configuration. However, it seems to me that, in this configuration, the following facts and issues make it complex: multiple OpenVPN instances running on each gateway (one for a VPN to either another branch office or to headquarters), assigning different port numbers to these instances, and avoiding overlap of IP ranges among these VPNs.
2. At headquarters, configure its gateway as a "many-client" OpenVPN server. Configure each branch office's gateway as an OpenVPN client.
pros: simple, only one configuration for each gateway.
cons: since I have no previous experience with OpenVPN, I am not sure if this is a valid configuration and if it meets our goal to have a VPN connection between gateway pairs. Since all these LANs use private IP addresses, NAT is used on each gateway for Internet access. How does OpenVPN work with NAT in this configuration? Can branch office users access other branch offices and headquarters?
1. With OpenVPN you create a set of keys/certificates for each branch.
- Every branch connects via openvpn-client to the headquarters.
- Use of bridged mode should be enough.
pro: once you become accustomed to the keys/certificates generation, you can connect new branches very effectively.
The OpenVPN documentation is straightforward and there are tons of howtos.
cons: you have to implement a strong networking scheme (IP addresses etc.)
2. The docs say you can configure OpenVPN to let the clients see each other.
But this is an all-or-nothing solution. (Sorry, no experience with this.)
OpenVPN works with NAT, even with private IP addresses.
1. With OpenVPN you create a set of keys/certificates for each branch.
- Every branch connects via openvpn-client to the headquarters.
- Use of bridged mode should be enough.
I guess this means for each VPN connection, we have a separate configuration for both server and client. Right? For example, say we have 2 branch offices O1 and O2 and 1 headquarters H. We want OpenVPN for traffic between O1 and O2, O1 and H, O2 and H. As I understand so far (may be wrong), on each site there are 2 configuration files, one for each VPN. For example, on H, it has one server configuration as OpenVPN server for connection to O1 and one configuration for O2. So, we need to run 2 OpenVPN instances. On O1, there are also 2 configurations, one for connection to O2 and one for connection to H. For each configuration, different IP address ranges are used. Is this right? Thanks!
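Option 2 from the question (a single multi-client server at headquarters, each branch gateway a client with its own certificate), sketched as an added example that is not from any poster in this thread. It uses routed (tun) mode rather than the bridged mode suggested in the reply, and every address, hostname, file name and certificate common name is an assumption: H LAN 10.0.0.0/24, O1 LAN 10.1.0.0/24, O2 LAN 10.2.0.0/24, tunnel subnet 10.8.0.0/24.

```conf
# ---- server.conf on the headquarters gateway H (one instance, one port) ----
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0   # tunnel subnet; must not overlap any LAN
ca ca.crt
cert hq-gw.crt
key hq-gw.key
dh dh.pem
# Kernel routes on H: branch LANs are reached through the tunnel.
route 10.1.0.0 255.255.255.0
route 10.2.0.0 255.255.255.0
# Every branch learns the route to H's LAN.
push "route 10.0.0.0 255.255.255.0"
# Per-branch settings, selected by certificate common name.
client-config-dir ccd
# Branch-to-branch packets are forwarded inside OpenVPN and never reach
# H's firewall. Omit this line to have H's kernel route and filter them.
client-to-client
keepalive 10 120
persist-key
persist-tun

# ---- ccd/branch-o1 on H (file name = O1's certificate common name) ----
iroute 10.1.0.0 255.255.255.0          # O1's LAN lives behind this client
push "route 10.2.0.0 255.255.255.0"    # O1 reaches O2's LAN via the tunnel

# ---- ccd/branch-o2 on H ----
iroute 10.2.0.0 255.255.255.0
push "route 10.1.0.0 255.255.255.0"

# ---- client.conf on the O1 gateway (O2 differs only in cert/key) ----
client
dev tun
proto udp
remote vpn.hq.example 1194
nobind
ca ca.crt
cert branch-o1.crt
key branch-o1.key
remote-cert-tls server    # refuse peers that do not present a server certificate
persist-key
persist-tun
```

Each gateway also needs IP forwarding enabled and must exempt traffic between the three LANs from its Internet NAT rule, so that only the gateway-to-gateway hop is tunnelled and traffic inside a LAN stays off the VPN.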