
I'm researching how a VPN would work for 2 small offices, so users can connect to a file server in each office to create, write, & read files. All computers are peer to peer, not domain based.

I'm wondering what the proper terminology is for these scenarios so I can do research, knowing what to "search" for etc.

1. Office A LAN 192.168.0.x, Office B LAN 192.168.1.x.

1A. Can they be different ranges, or MUST they be different ranges?

1B. Since there is no domain, there is no DNS server. Do I need to set up routing manually on each computer in each office, to tell it which network IP address is the VPN hardware, so it can effectively map a different IP to the remote VPN?

1C. How does Office A access the file server at Office B - does a user at Office A have a link in Network Places that points to the IP of the server at Office B?

1D. If I want to use "names" instead of IP addresses to link to the remote file server, would I need to set that up on each computer in their hosts file?

2. File Access & Security

2A. Does the file server at Office A need to have the same user accounts as Office B, so that when users from Office B connect to the file server at Office A, security with ACLs is maintained?

Steve Wasiura

1 Answer

1. A VPN can be an IP route or an Ethernet bridge. Advantage of a bridge: broadcast packets pass through, and networks A & B form one switched network. In that case it should be one subnet to get the advantage. Disadvantage of a bridge: broadcast packets pass through. Broadcast traffic can be big enough to reduce the performance of the VPN.

Below, a routed VPN is assumed.

1A. A & B MUST be in different subnets to be routed. (If making them different subnets is impossible, the problem can be partially solved by using dst & src NAT, but it is ugly.)

1B. Windows domain, DNS and routing are three different things, and routing is not related to the other two. To configure routing between A & B, for example, each computer knows the default gateway IP and the default gateway has a route to the other network. If there is no Internet, or if the VPN server is the Internet gateway, the VPN server can be set as the default gateway for the computers.

1C. The hosts file is a solution, but it requires synchronization of the hosts files on all computers. If at least one of the computers is a Windows Server or a Linux Samba server, then you can use WINS or DNS or both to resolve names to IPs. And one side note: Network Neighborhood works unstably in a multiple-subnet configuration.

Added. Also, links with any name can be created in My Network Places to connect to a server by IP.

2A. A user must have an account on the server to get access with ACLs. Using identical accounts on different servers is more comfortable for users. If the user name and password on the user's workstation and on the server are the same, Windows works like "transparent" authentication (it first attempts to use local credentials to access the server; if that fails, it attempts guest access; if that fails, it asks the user for credentials).

mmv-ru
  • 1: I think it will not be bridged. 1A: by diff subnets, do you mean diff ip ranges, Office A 192.168.0.x, office B 192.168.1.x ? or Office A 192.168.0.x, Office B 10.0.0.x ? 1B: ROUTES: I think I understand: ROUTES could be set in the DSL Modem Router used as the default gateway, instead of each individual computer, correct? 1C: local host file is my only possibility, Also, I should have said My Network Places, not Network Neighborhood. I'm thinking of shortcuts setup to access remote server. 2A: that's exactly what I thought it would be, thanks. – Steve Wasiura Jul 20 '11 at 15:39
  • 1A. About ip ranges: I think ip range is more general (for example 192.168.0.20-192.168.0.254 is ip range but not subnet). – mmv-ru Jul 21 '11 at 11:45
  • 1B. Right. I mean set routes in the DSL modem. I prefer to configure something in one place. It has only two cons: router performance and ability to configure. One more point! It is also possible to configure routes for all hosts in the DHCP server. But DHCP in a DSL modem may lack that feature. 1C. Links with any name can be created in My Network Places to connect to a server by IP. – mmv-ru Jul 21 '11 at 11:57
  • I got it set up by turning the DSL modem/router into bridged mode, so now the DSL modem simply gets the DSL connection from the ISP, and passes all traffic through to the firewall / VPN appliance. Thanks. Once I knew the terminology, I could find answers to what I was looking for. – Steve Wasiura Aug 01 '11 at 14:36
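
The routing rules from points 1A and 1B of the answer, as an added example that is not part of the original posts: a Python model of how a LAN host picks its next hop, and of the one static route each office's default gateway needs. The office subnets are the ones from the question; the gateway (.1), VPN appliance (.2) and host addresses are assumed values.

```python
import ipaddress

def next_hop(host_ip, prefix_len, default_gw, dst_ip, static_routes=()):
    """Where a LAN host sends a packet for dst_ip: "on-link" or a gateway IP."""
    local_net = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    dst = ipaddress.ip_address(dst_ip)
    if dst in local_net:
        # Host resolves the address on its own LAN; no router or VPN sees it.
        return "on-link"
    best = None  # longest-prefix match over any static routes on the host
    for cidr, gateway in static_routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else default_gw

def gateway_routes(lan_a, lan_b, vpn_box_a, vpn_box_b):
    """Static route each office's default gateway needs toward the other LAN."""
    a, b = ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)
    if a.overlaps(b):
        raise ValueError(f"{a} and {b} overlap; a routed VPN needs distinct subnets")
    return {
        "office_a_gateway": (str(b), vpn_box_a),
        "office_b_gateway": (str(a), vpn_box_b),
    }

if __name__ == "__main__":
    # Assumed addressing: .1 = DSL router (default gateway), .2 = VPN appliance.
    print(gateway_routes("192.168.0.0/24", "192.168.1.0/24",
                         "192.168.0.2", "192.168.1.2"))
    # Office A host reaching the Office B server: leaves via the default gateway,
    # which forwards it to the VPN appliance using the route printed above.
    print(next_hop("192.168.0.10", 24, "192.168.0.1", "192.168.1.5"))
    # If both offices used 192.168.0.0/24, the remote server looks local and the
    # packet never reaches the gateway, which is why 1A says "MUST".
    print(next_hop("192.168.0.10", 24, "192.168.0.1", "192.168.0.50"))
```

With the route held on the default gateway, no per-computer routing is needed; the `static_routes` argument models the alternative of adding the route on each host.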