OpenVPN concept problem
Posted on 2006-07-11
I need some help in some concepts about VPN:
I have two LANs in different cities and I need one computer to access the other one's services (accounting software in this case). I'll call them LAN-HOME (the "server" LAN) and LAN-REMOTE (the "client" LAN).
Inside "LAN-HOME" there's a computer named GATEWAY which is a Linux machine providing proxy, email, firewall, etc. There's also a machine called TARGET which has the accounting software we need to allow other users to use.
Inside "LAN-REMOTE" there's also a computer named GATEWAY, also a Linux machine providing proxy, firewall, etc. And there's a PC called GUEST which needs to access a shared folder on TARGET in "LAN-HOME".
We installed OpenVPN (2.0.7, the latest one I think) on GATEWAY in LAN-HOME. We designated it as a server and started the service after creating two users according to the manual on openvpn.net. We copied the ca.crt, client1.crt, client1.csr and client1.key files onto GUEST and also installed OpenVPN there (for Windows, as GUEST is XP SP2).
We used TUN (modprobe tun) on GATEWAY in LAN-HOME. This is a Mandrake 9.1 machine with the firewall disabled (just for testing). Actually it shows a lot of stuff and it seems to connect (at least both client and server show a lot of stuff and finally say: Initialization Sequence Completed). We use the 192.168.2.0 network in LAN-HOME and 192.168.10.0 in LAN-REMOTE. We used 10.8.0.0 for the tunnel (as it said in the manual on openvpn.net). We can ping the other side of the tunnel (10.8.0.1).
My funny question is: now what? AFAIK, we now have a tunnel from GUEST to GATEWAY in LAN-HOME. Now, how do we "enable" GUEST to access the internal network in LAN-HOME in order to reach TARGET? I read later that this is achieved through bridging. Is this true? If so, then what is tunneling for? As I remember, bridging requires a lot of bandwidth because it sends all traffic from each side to the other one, and although it seems a good choice, I've read that it requires a kernel compile and lots of things I don't handle very well (some bridge-utils thing, etc.). And again, what can I use the tunnel I have now for?
Or, should the VPN server be on TARGET and should I forward traffic from port 1197 on GATEWAY in LAN-HOME to TARGET? Wouldn't this be a problem after the firewall rewrites packets?
I also read that a TUN adapter is for tunneling (routing) and TAP for bridging. Is this true?
Thanks a lot. As you can see it's more of a concept problem.
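One way to get from "Initialization Sequence Completed" to reaching TARGET without any bridging, as an added example that is not part of the original post or of the OpenVPN manual: in routed (tun) mode the server pushes a route for the LAN-HOME subnet to the client, and GATEWAY forwards between tun0 and its LAN. The script assumes GATEWAY's LAN interface is eth0, that TARGET is 192.168.2.10 and that the shared folder is served over SMB on TCP 445; none of these are stated in the post.

```shell
#!/bin/sh
# Added example, not from the original post: make LAN-HOME (192.168.2.0/24)
# reachable from GUEST over the routed tun tunnel (10.8.0.0/24). Run on GATEWAY.
# Assumed values (not in the post): LAN interface eth0, TARGET 192.168.2.10,
# share served over SMB on TCP 445.
LAN_IF=eth0
LAN_HOME=192.168.2.0/24
TUNNEL=10.8.0.0/24
TARGET=192.168.2.10

# Routing-related directives for the OpenVPN server.conf. The pushed route
# tells every client that 192.168.2.0/24 lives behind the tunnel; only that
# subnet is routed, so no TAP device, bridge or bridge-utils is needed.
server_conf() {
  cat <<'EOF'
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
EOF
}

# Gateway side: allow forwarding between tun0 and the LAN, and MASQUERADE the
# tunnel addresses so TARGET replies to GATEWAY's own LAN address and needs no
# route back to 10.8.0.0/24. The FORWARD policy replaces the "firewall
# disabled" test state: VPN clients may reach only TARGET's SMB port.
apply_gateway() {
  sysctl -w net.ipv4.ip_forward=1
  iptables -P FORWARD DROP
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -i tun0 -o "$LAN_IF" -s "$TUNNEL" -d "$TARGET" \
           -p tcp --dport 445 -j ACCEPT
  iptables -t nat -A POSTROUTING -s "$TUNNEL" -o "$LAN_IF" -j MASQUERADE
}

# Sanity check before applying: the pushed route must describe LAN_HOME,
# otherwise the client gets a route to the wrong subnet and nothing works.
pushed_route_matches() {
  server_conf | grep -q "push \"route ${LAN_HOME%/*} 255.255.255.0\""
}

# Only touch the running system when explicitly asked and running as root.
if [ "${1:-}" = apply ] && [ "$(id -u)" -eq 0 ]; then
  pushed_route_matches && apply_gateway
fi
```

Only the routing-related directives are shown; the ca, cert, key and dh lines from the manual's sample server.conf stay as they are.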