3

I am managing the network of two schools, each one with a different static public IP for internet (two routers) and ~30 computers. I want to connect the two LANs since in the main building there is a Debian server with a DHCP+DNS that should assign every IP so we can keep track of what the students are visiting.

I have tried with VPN but this way I have to install a VPN client in every device and centralized DHCP is not possible. Maybe I have to set up a gateway server with two NICs in the other building?

Any ideas on how to do that are greatly appreciated.

Greg Askew

2 Answers

4

You can do this by putting a firewall on each LAN that acts as the default route. Each firewall can then run a VPN solution like OpenVPN or IPSec to make the two networks available to each other. This can be done rather easily with various free firewall distributions, such as pfSense.

Centralized DHCP doesn't make much sense (like, what happens when the VPN is down?) and DHCP isn't routable. It would make much more sense to have DHCP at each location. Same goes for the DNS... keep in mind what happens if the VPN is not working.

Late onset idea

Once you have a VPN, network resources such as DHCP and DNS information will be available from each location easily. Maybe that will be good enough for you. Or perhaps you can pull data from those servers and put it into a database or something for analysis.

Ryan Babchishin
  • He can still use DHCP relays to "route" DHCP traffic. – pistache Aug 13 '16 at 11:59
  • @pistache Yes. But I think I'd reserve that for a very stable network, single network. This would be two local networks interconnected via the Internet which is known to go up and down, etc... What would happen? Is there a realistic, reliable way to do it? – Ryan Babchishin Aug 13 '16 at 15:19
  • The OP mentioned he wants to centralize DHCP so he can "keep track of the users". While this may not be the best way to do this (and it's not enough), sharing a DHCP server is still better than spanning an L2 domain as DHCP relays can have their own caches and use an L3 tunnel with very low bandwidth. Now, the realistic, reliable way to do this is to make other decisions at upper levels (split infrastructures with configuration management, for example), but that's out of scope :) – pistache Aug 13 '16 at 15:23
  • @pistache Yes, none of that is helpful and I believe it to be terrible advice. That's why I posted my own answer. – Ryan Babchishin Aug 13 '16 at 15:41
  • Quote: "in the main building there is a Debian server with a DHCP+DNS **that should assign every IP** so we can keep track of what the students are visiting". I just tried to stay in line with OP requirements (on which he may not have total control). – pistache Aug 13 '16 at 15:57
  • @pistache You're right he did have kind of an odd request to begin with. I just feel I can't recommend something I wouldn't do myself. – Ryan Babchishin Aug 13 '16 at 16:14
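
The answer above suggests keeping DHCP at each site and pulling the data into a database for analysis. As an added example (not part of the original thread), the following assumes both sites run ISC dhcpd and merges their `dhcpd.leases` files, so an IP seen in a DNS or proxy log can be mapped back to a MAC address and hostname at a given time. The sample leases, site names and function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample leases per site (assumed ISC dhcpd.leases format, UTC times).
SAMPLES = {"main": """
lease 192.168.1.50 {
  starts 4 2016/08/11 09:00:00;
  ends 4 2016/08/11 13:00:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "lab-pc-07";
}
lease 192.168.1.50 {
  starts 4 2016/08/11 14:00:00;
  ends 4 2016/08/11 18:00:00;
  hardware ethernet 66:77:88:99:aa:bb;
}
""", "annex": """
lease 192.168.2.50 {
  starts 4 2016/08/11 09:30:00;
  ends 4 2016/08/11 12:30:00;
  hardware ethernet de:ad:be:ef:00:01;
}
"""}
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def field(pattern, body):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def parse_leases(site, text):
    # Yields (site, ip, mac, hostname, starts, ends); open-ended leases are skipped.
    for ip, body in LEASE_RE.findall(text):
        starts, ends = (field(k + r" \d (\S+ \S+);", body) for k in ("starts", "ends"))
        if starts and ends:
            yield (site, ip, field(r"hardware ethernet ([0-9a-f:]+);", body),
                   field(r'client-hostname "([^"]*)";', body),
                   starts.replace("/", "-"), ends.replace("/", "-"))

def build_db(sources):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lease (site, ip, mac, hostname, starts, ends)")
    for site, text in sources.items():
        db.executemany("INSERT INTO lease VALUES (?,?,?,?,?,?)", parse_leases(site, text))
    return db

def who_had(db, ip, when):
    # Returns (site, mac, hostname) for the lease covering `when`, or None.
    return db.execute("SELECT site, mac, hostname FROM lease WHERE ip = ? AND "
                      "starts <= ? AND ends > ? ORDER BY starts DESC LIMIT 1",
                      (ip, when, when)).fetchone()
```

Because the same address is reassigned during the day, the lookup has to be keyed on time as well as IP; the two sites must also use non-overlapping subnets for the IP alone to identify the site.
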
1

Spanning an L2 domain over the Internet is not recommended practice. Can't you have two networks with a centralized DHCP server (or two servers with centralized configuration)? If you need to pass traffic between the two sites, you can then set up a routed tunnel at your gateways.

pistache