Results 1 to 6 of 6
  1. 06-27-2012, 03:03 PM #1
    Nicarlo
    Nicarlo is offline
    Untangler
    Join Date
    May 2012
    Posts
    30

    Default OpenVPN for Multiple sites

    Hey guys,

    I have multiple sites all running an Untangle Router and im looking to have them all connect back to the main HQ through VPN and have (see attachement) site 1 be able to view the HQ, site2 and site 3 while site 2 and 3 not be able to see each other.

    So my first question is would OpenVPN be the right candidate for such task or is it better to look at an alternative such as IPsec

    Im contemplating which route to take and which one would be able to accommodate my needs!

    Any insight on this would be greatly appreciated
    Attached Images Attached Images
  2. 06-27-2012, 06:08 PM #2
    jcoffin
    jcoffin is online now
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    2,633

    Default

    There are pros and cons with either OpenVPN and IPsec.

    OpenVPN for multiple sites works like a wheel hub where all the remote site connect to one site which is the server (master). All the traffic from one remote site must traffic through the master to the other remote site. This makes for higher bandwidth demand from the master site.

    remote A -------> master site (OpenVPN server) <-----------remote B

    OpenVPN is much easier to setup and works with roaming remote users (laptops).

    IPsec is a site to site only and each site has to have a IPsec profile to each of the remote sites.
    Last edited by jcoffin; 06-28-2012 at 09:35 AM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
  3. 06-28-2012, 09:28 AM #3
    TirsoJRP
    TirsoJRP is online now
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    172

    Default

    IPSec.

    As jcoffin states, traffic from one site must pass through HQ to reach another site. That will waste a lot of bandwidth.
    Last edited by TirsoJRP; 06-28-2012 at 09:30 AM.
  4. 06-29-2012, 09:12 AM #4
    Nicarlo
    Nicarlo is offline
    Untangler
    Join Date
    May 2012
    Posts
    30

    Default

    The master server would be in a datacenter so bandwidth wouldn't really be an issue plus only one site will have access to communicate with all of the other sites. Every site will be able to access the master server though.

    If that's too complicated to understand maybe this will help you visualize the setup (or not)

    Master site network 10.10.10.1
    Site w/access to all sites 10.10.0.1
    Site 2 10.10.1.1
    Site 3 10.10.2.1

    Master site 10.10.10.1
    <---> 10.10.0.1
    <---> 10.10.1.2
    <---> 10.10.2.1

    Remote Management site 10.10.0.1
    ---->10.10.1.1
    ---->10.10.2.1
    ---->10.10.10.1

    I'm thinking openvpn would be the best in this situation

    Thank you all for your help!
  5. 06-29-2012, 11:37 AM #5
    sky-knight
    sky-knight is offline
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,913

    Default

    Just export all sites' IP ranges and they will all be able to access each other. If you want to control that access, you'll simply use the firewall module on the Untangle in the datacenter.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    rob@intouchtechllc.com

    UntangleAppliances.com
    Phone: 866-794-8879
  6. 06-29-2012, 12:15 PM #6
    Nicarlo
    Nicarlo is offline
    Untangler
    Join Date
    May 2012
    Posts
    30

    Default

    This makes perfect sense!

    Thanks Sky!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


SEO by vBSEO 3.6.0 PL2