Should I install a VPN server per site?

[Gadin]

I have a project to interconnect the sites of my business. We currently have 5 sites, including two major and three secondaries. Each of the five sites has an Internet connection through an ISP. The chief objective for us is to enable communication and sharing of resources between all sites. I'm leaving on his openvpn and I opt for a bridge mode so that different LAN can communicate. I have two questions :

• Should I install a vpn server per site?
  In my case, for example if I install a vpn server put on a website (a major), a vpn client on each of four sites, and I create a bridge between each client and the server, it would suffice to get the result?
• According to my last question, after configuring the server and client bridge mode, how to make it effective for the bridge tunneling?

Thank you in advance for your lights.

[SreeKanth]

You install your VPN account with what software? Because you have multiple possibilities. For example, if you have a Windows Server 2003, or 2008 (it works well), you activate the management of VPN. But do not you forget that your sites have a different address pool :

• 192,168,253 for the site's server 2003
• 192.168.2 for site 2
• 192.168.3 for site 3
• 192.168.4 for site 4

Avoid 192.168.1 because of the different products that can use it (like the livebox).

[Billie]

Should I install a vpn server per site?

No it is not necessary. In my situation to install, for example, if I locate a VPN server on a site, a VPN client on each of four sites, and I create a bridge between each client and the server, it would be adequate for result? Yes, you put the VPN server on a site that you defined as primary. All other sites will be clients of that server. If you opt for openvpn conf must be in the server indicate that customers can see them, head is something like client-to-client = yes.

[Jannat]

From my last question, after configuring the server and client bridge mode, yt it how to make the bridge owner to tunneling. In bridge, if the directive client-to-customer is informed, you should be able to communicate with other networks. In normally bridge the networks see them on their "real" IP (eg 192.168.xx) that interfaces are Ethernet and bridged tap (combined into a single interface, that is the beauty of the trick of elsewhere) unlike road or how he does see that the IP. (10.8.0.X example) (tun and eth are two different entities in this case). After it depends on the software and the OS. My advice applies on OpenVPN.

[Gadin]

Thank you for your answers. For prerequisites, all my sites are connected to the internet with a bandwidth of 128KB each site. I think it could flow a problem, but I would like you to confirm this. We have increased the number of sites to interconnect 15 (1 main and 14 secondary). What you advocate in this case with the bandwidth of 128 Kb, between bridge mode and routed mode? Which of the two modes would manage the potential problem of bandwidth in communications? I have another concern is the question: When is the OpenVPN server in DHCP, it's just for the VPN, or it acts as a DHCP server for the entire infrastructure? I mean on a local network with DHCP addressed, the presence of the OpenVPN server in DHCP is transparent?

[Allan.d]

Regarding the bandwidth, it depends on information that you want to get in your pipes (Samba FTP etc ...). The best thing is to make a client server model that enables you to test perf bandwidth with Iperf example. Concerning your problem, dhcp, apparently in bridge mode openvpn server can use DHCP with the directive server-bridge (I say apparently because I have never played bridge, I made it to the doc), the road mode OpenVPN server responsible for assigning addresses for the VPN network (eg 10.8.0.0). In road mode you'll need a dhcp per site for distribution on the LAN 192.168.2.0, 192.168.3.0, etc ...

[Techguru01]

At first glance I would say it is a problem default route that does not fit well under windows. To ensure this :

• Start, then Run, type cmd, then in the command window type route print.
• What client do you use openvpn for windows? Otherwise there anything in the logs?

[rogerjeny]

It is not that much necessary to install because regarding the bandwidth it depends on information . The best thing that you have to create the client server modal that enables to test the perf bandwidth . Then only you have to install the VPN server per site .

[Gadin]

Today we have two ISPs, then two internet connections, with one primary and one backup. But my goal is that both routes are used in real time, instead of waiting until it is cut before the other active. I planned and set up an infrastructure for high availability and load balancing on Internet connections that have not made the same bandwidth. So I installed a fresh debian Lenny and I have configured routing and separate default routes and loadbalancing, with a script to failover, which automatically scales all traffic over a single link in case of failure first. I tested the functionality of my router and everything works fine now I have to put into production in light of the existing. Do you think that with such a logical topology, my system will keep his vocation?

[Larry ward]

I do not know exactly how the forum in terms of design, but as I said, I sent a reply with the link to the image topology. If until now you do not understand my problem because I can be all integrated into my message (NAT and VPN), so regarding VPN, I know how to :

• Managing a VPN server behind a router with a private address to the VPN server
• Managing a VPN behind a router with two external interfaces / public
• Manage if the VPN server is the router itself and has two external interfaces.

As I said in the last message with the picture, my environment is essentially Linux, my tools and my open source OpenVPN VPN server.