[Openswan Users] Remote Office Advice?

Jeff Frantz jfrantz at itstechnologies.com
Wed Jun 21 18:18:24 CEST 2006 

Brett,

I did this exact same thing back in the summer of 2001 using FreeSWAN.
At the time we were using frame-relay for WAN connectivity to 9 offices,
including VoIP.  We had a full T1 at the HQ and 256K or 512K at the
remote offices.  I was concerned that VPNs over DSL and cable modems
woudn't be fast enough but I couldn't have been more wrong.

Using FreeSWAN turned out to be much better and just as reliable as the
frame network and VoIP worked perfect over the VPN.

You will probably have to put your remote offices on separate subnets.
You can run DHCP on the local Openswan box in each office.

At the time I configured FreeSWAN, I used dual P3 1GHz machines to
prevent any encryption/compression bottlenecks.  These machines were
probably overkill but there was very little latency at the VPN box.

-Jeff

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Brett Curtis
Sent: Wednesday, June 21, 2006 2:59 PM
To: Openswan Users mailing list
Subject: [Openswan Users] Remote Office Advice?

I am ordering a couple servers to begin setup of a remote network. I  
already have openswan running in my current network for OSX & WinXP  
roadwarriors. In addition to this conn, I would like to setup 'subnet  
passthrough'

This is my plan.

[192.168.1.0/24]--(switch)---->[Local Office Firewall/Ipsec]----> 
{INTERNET}<-------[Remote Office Firewall/Ipsec]--(switch)-----> 
[192.168.1.0/24]

Is this type of setup possible?

I more or less want the remote network and all machines behind it to  
use my local dhcp server dns server and all other internal services.

Once I get this running I would also like to enable the remote office  
to use or VoIP system. Ideally I would ship down pre programed IP  
phones they would plug it in and be on our system.

Setting up a remote office is brand new to me so your input would be  
great.

Do you recommend me to use a different setup (if this one is even  
possible)? What could I expect for VoIP(h323) Traffic over an ipsec  
connection? Any experience with VoIP and ipsec (good results / bad  
resutls)?

So this is what I "think" I want unless the vets have better  
suggestions.

Extra info if needed:
The remote office has three users now with potential to grow to six  
or so over the next couple years.
Our Local office has ten users now with potential to grow to 15 or so  
over the next couple years.

Thanks for your time.

Brett
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list