[Openswan Users] Remote Office Advice?

Brett Curtis dashnu at gmail.com
Thu Jun 22 10:55:58 CEST 2006


Hello, thanks for the reply.

On Jun 21, 2006, at 5:18 PM, Jeff Frantz wrote:

> Brett,
>
> I did this exact same thing back in the summer of 2001 using FreeSWAN.
> At the time we were using frame-relay for WAN connectivity to 9 offices,
> including VoIP.  We had a full T1 at the HQ and 256K or 512K at the
> remote offices.  I was concerned that VPNs over DSL and cable modems
> wouldn't be fast enough but I couldn't have been more wrong.

That is good to know. We will have two cable connections, 1Mbps down
and 256Kbps up. I hope this will handle it.

> Using FreeSWAN turned out to be much better and just as reliable as the
> frame network and VoIP worked perfect over the VPN.

Another plus. This will be a huge cost saver for my company.

>
> You will probably have to put your remote offices on separate subnets.
> You can run DHCP on the local Openswan box in each office.

Yes, this sounds good. I could set the remote office up on a
192.168.0.0/24 net and keep my local office the same.

>
> At the time I configured FreeSWAN, I used dual P3 1GHz machines to
> prevent any encryption/compression bottlenecks.  These machines were
> probably overkill but there was very little latency at the VPN box.
>

I am wondering how my roadwarriors would work connecting to the local  
office and if traffic to the remote office would route correctly.
Maybe roadwarriors on both ends would be the best option?

My current roadwarrior leases out IPs on the same subnet as my
internal network. I am looking to change this due to the fact that a
lot of hotspots use 192.168.1.0/24, of course causing clients to fail.

> -Jeff
>

Thanks again for the feedback.

> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Brett Curtis
> Sent: Wednesday, June 21, 2006 2:59 PM
> To: Openswan Users mailing list
> Subject: [Openswan Users] Remote Office Advice?
>
> I am ordering a couple servers to begin setup of a remote network. I
> already have openswan running in my current network for OSX & WinXP
> roadwarriors. In addition to this conn, I would like to set up 'subnet
> passthrough'.
>
> This is my plan.
>
> [192.168.1.0/24]--(switch)---->[Local Office Firewall/Ipsec]---->
> {INTERNET}<-------[Remote Office Firewall/Ipsec]--(switch)----->
> [192.168.1.0/24]
>
> Is this type of setup possible?
>
> I more or less want the remote network and all machines behind it to
> use my local dhcp server dns server and all other internal services.
>
> Once I get this running I would also like to enable the remote office
> to use our VoIP system. Ideally I would ship down preprogrammed IP
> phones they would plug it in and be on our system.
>
> Setting up a remote office is brand new to me so your input would be
> great.
>
> Do you recommend me to use a different setup (if this one is even
> possible)? What could I expect for VoIP(h323) Traffic over an ipsec
> connection? Any experience with VoIP and ipsec (good results / bad
> results)?
>
> So this is what I "think" I want unless the vets have better
> suggestions.
>
> Extra info if needed:
> The remote office has three users now with potential to grow to six
> or so over the next couple years.
> Our Local office has ten users now with potential to grow to 15 or so
> over the next couple years.
>
> Thanks for your time.
>
> Brett
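The addressing question in this thread (both offices planned on 192.168.1.0/24, the remote office moved to 192.168.0.0/24, hotspots handing out 192.168.1.0/24) can be checked mechanically before any tunnel is configured. The following is an added example, not part of the original messages; the road-warrior pool 10.99.0.0/24 and the function name `find_conflicts` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing as first described in the thread.
ORIGINAL_PLAN = {
    "local-office": "192.168.1.0/24",
    "remote-office": "192.168.1.0/24",
    "roadwarrior-pool": "192.168.1.0/24",  # "same subnet as my internal network"
}
# Addressing after the suggested change; the pool value is constructed.
REVISED_PLAN = {
    "local-office": "192.168.1.0/24",
    "remote-office": "192.168.0.0/24",
    "roadwarrior-pool": "10.99.0.0/24",  # hypothetical dedicated pool
}
# Range the thread says many hotspots hand out to their clients.
HOTSPOT_RANGES = ("192.168.1.0/24",)


def find_conflicts(plan, outside_ranges=HOTSPOT_RANGES):
    """Return (name_a, name_b) pairs whose address ranges overlap.

    An overlap between two planned networks has to be resolved or
    deliberately accounted for before routing between them. An overlap
    with an outside range means a client sitting on that range sees
    the planned network's addresses as its own local LAN.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    conflicts = []
    # Planned networks against each other.
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            conflicts.append((a, b))
    # Planned networks against ranges used outside (hotspots, home LANs).
    for cidr in outside_ranges:
        outside = ipaddress.ip_network(cidr)
        for name, net in sorted(nets.items()):
            if net.overlaps(outside):
                conflicts.append((name, f"hotspot:{cidr}"))
    return conflicts


if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("revised", REVISED_PLAN)):
        print(label, find_conflicts(plan))
```

In the revised plan the two offices no longer collide, but the local office LAN still shares its range with the hotspot range named in the thread.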