Hello Matt,

I have used the OpenVPN options of Endian for a while, on 2.2 only 
though. I hopefully can give you some information:

> 10.0.0.0/8 (School Campus LAN)
>    |
> Main Endian Firewall
>    |
> {The Internet}
>    |
> Offsite Endian Firewall
>    |
> 192.168.33.0/24 (Remote Classroom LAN)

> 1. Do I want the remote site to connect to the main, or the main to connect 
> to the remote? Does it make a difference?

It doesn't really matter. You want one location to act as a server, 
another as the client. Typically you would choose the location with the 
best up/download speed. In case you have 3 or more locations you want to 
connect, you can even assign fallback servers. So LocationA will try 
to connect to LocationB, and on fail will try to connect to LocationC. This 
way you can quickly have a client becoming the server.

> 2. I think I have the remote connecting, but I can't ping anything on the 
> remote LAN from the school campus. My guess is Routing isn't happening, or 
> the remote Endian's firewall is blocking traffic.

Check answer to 5.

> 3. I currently have static WAN IPs for both the main campus and for the 
> remote classroom. Could I use a DHCP address on the remote classroom if 
> needed?

Connecting to a location with a static IP is always better since you 
don't need to use dyndns or such. I don't have static IP addresses and 
work with dyndns. There is some delay on disconnect/reconnect but its 
reliability is good (not perfect). In your example of having the Main 
location on static being the OpenVPN server, it doesn't matter what IP 
the OpenVPN clients have.

> 4. Which Authentication method is recommended? Is it common practice to use a 
> PSK for Gw2Gw VPNs? Should I setup a user dedicated for the connecting remote 
> classroom? I suppose I would need an additional one for another remote site?

The more the better I would say. Using certificates is done easily; I 
translated a forum post and sent it to the mailing list some time ago. 
You can read up on it to see how to set up certificates. You can of course 
use certificates plus username/pass, it's up to you.

> 5. I can see the server connected via the list of connected users, and I see 
> that the connection was given an IP from within the specified VPN pool of 
> IPs. In this case, it has the IP address of 10.199.0.2... Is that correct for 
> a Gw2Gw VPN?

Seeing that your Main Location uses 10.0.0.0/8 and you have given the 
OpenVPN server a range of 10.199.0.X to give to the clients, I think 
this is the reason for 2. and this question. I haven't gotten it to work 
with using a different IP range for the clients (probably some routing 
configuration). What I have done and had no problem using it, was to 
give the OpenVPN client an IP from within the green IP range.

I would also advise you to read up on the OpenVPN documentation on 
bridged and routed mode to choose the correct one for your needs.


Hope this helps a bit!
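
As an added illustration of the address-plan problem raised under point 5 (this is not code from the thread, the poster, or Endian), the following Python script checks a proposed OpenVPN client pool against the two green LANs from the diagram and shows why a campus host cannot reach a client such as 10.199.0.2 in routed mode. The pool prefix 10.199.0.0/24 (the thread only says "10.199.0.X") and the sample campus host 10.1.2.3/8 are assumptions.

```python
import ipaddress

# Constructed from the thread: the two green LANs and the VPN client pool.
# "10.199.0.X" in the thread is taken to mean 10.199.0.0/24 (an assumption).
SITE_LANS = {
    "main campus (green)": ipaddress.ip_network("10.0.0.0/8"),
    "remote classroom (green)": ipaddress.ip_network("192.168.33.0/24"),
}


def pool_overlaps(pool, site_lans=SITE_LANS):
    """Names of site LANs whose address space overlaps the VPN client pool."""
    net = ipaddress.ip_network(pool, strict=False)
    return [name for name, lan in site_lans.items() if net.overlaps(lan)]


def is_on_link(host_iface, target_ip):
    """True if a host configured as host_iface (e.g. '10.1.2.3/8') treats
    target_ip as a neighbour on its own segment: it will ARP for it locally
    instead of handing the packet to its default gateway (the firewall)."""
    iface = ipaddress.ip_interface(host_iface)
    return ipaddress.ip_address(target_ip) in iface.network


def audit_pool(pool, vpn_client_ip, campus_host_iface="10.1.2.3/8"):
    """Summarise whether a routed-mode client pool is reachable from a campus host."""
    overlaps = pool_overlaps(pool)
    on_link = is_on_link(campus_host_iface, vpn_client_ip)
    return {
        "pool": str(ipaddress.ip_network(pool, strict=False)),
        "overlaps": overlaps,
        "campus_host_treats_client_as_local": on_link,
        # Only traffic sent to the gateway can be routed into the tunnel.
        "campus_host_sends_via_gateway": not on_link,
    }


if __name__ == "__main__":
    # The first pool is the one from the thread; the second is a constructed
    # non-overlapping alternative for comparison.
    for pool, client in (("10.199.0.0/24", "10.199.0.2"),
                         ("172.16.199.0/24", "172.16.199.2")):
        print(audit_pool(pool, client))
```

With the pool inside 10.0.0.0/8, a campus host considers 10.199.0.2 part of its own segment, ARPs for it on the LAN, gets no answer, and never sends the packet to the Endian firewall, so no route on the firewall can help. That is the routed-mode failure the reply describes; in bridged (tap) mode the tunnel is part of the green broadcast domain, which is why handing the client a green-range address worked for the poster. The bridged/routed documentation the reply points to is where that choice is explained.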

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user