Connecting two 6.5 networks together via VPN

Posted on 2006-07-14
Medium Priority
Last Modified: 2012-06-21
I am going to connect two 300-user NetWare 6.5 networks (identical version, etc.) via a VPN connection.  I have the VPN set up but not active yet.  I have no experience with this, so I am afraid to connect the two eDir trees with the VPN until I research it further.  Thanks.
Any suggestions on steps to take?

Current Dir Configuration:
Tree A:  
OU= "H" and "B" and "E" (3 ou's)

Tree B:
OU= (none)
Question by:krusebr

Expert Comment

ID: 17110926
I guess, the biggest question is - do you intend to merge the trees, or leave it as a multi-tree environment?  

Make sure you don't have any IP protocols being blocked from passing through the VPN.

Is it safe to assume that the two networks are on different subnets - that they aren't both, say, ""?  Then, you'll have to establish routes to the other networks, of course, but until you are ready to plan a tree merge (if you're going to) you shouldn't have to worry about things like eDirectory partitioning/replication traffic.  Timesync shouldn't be an issue until/if you're going to merge trees, 'cause each tree should have its own configured time sources.

What's your concern - that one will corrupt the other somehow?  That shouldn't worry you, as long as they're different trees in different subnets...  That users will "accidentally" log in to the wrong tree?  That should be handled through DHCP.

If/when you decide to merge trees, post back with a new question about that - we're full of advice for merging trees. Simply connecting the 2 networks with a VPN, though, shouldn't be a big deal, IMHO, because they're separate trees in separate networks.


Author Comment

ID: 17111010
Tree MNW is on a - network and Tree MNWB is on a - network.

We may need to merge the trees but I am not sure.  I will tell you our plans....
We want to share a school information system (data folder) that will be on a NetWare 6.5 server volume on Tree MNW.  There will be a need to connect approx. 25 XP clients on Tree MNWB to this data folder.  Maybe it would be easier to just merge the trees?  Are there any issues with eDir syncing over a VPN?

Thanks again for your help.

Expert Comment

ID: 17111292
Easier to merge the trees?  No, unless they SHOULD be in the same tree.  It's not as simple as it sounds, and has to be done with full understanding of the process, and careful planning.    It's easier to manage a single tree than multiple trees, but it's up to you whether the benefits outweigh the costs and so on... ;)

Keeping 'em separate trees, you'll need to set up the 25 "tree B" users as user objects in the MNW "A" tree with rights to the folder.  Their passwords will likely be unique and not synchronized because they're different user objects.   If you merge the trees, it'd be a simple matter of assigning the users rights to the folder - they'd still just authenticate to the tree once.  Separate trees require separate authentication, separate licenses.  If you merge trees and you have 300 user licenses on each tree, you end up with 600 user licenses for your combined tree, so there's a cost benefit to merging, too - you'll have to account for having those additional 25 users taking up licensing in your "A" tree.

If you have a reasonably "fat" pipe, eDir syncs just fine.  Even over a slower link, it's not so bad - eDir sync traffic is rather light - especially when compared to MAD sync traffic.

I had a VPN WAN using BorderManager site-to-site VPN, no problem with eDir sync, as long as timesync was good.  Since I had some old hardware and some NetWare 5.1 at one site, timesync drift was a bit of a problem until I upgraded hardware and NetWare, but it shouldn't be a problem nowadays.


Author Comment

ID: 17111350
If I don't merge the trees, then in order to log in to the other tree, will I have to set the NIC IP on each of the machines that need to connect to the other tree to their subnet?  If I do, then I suppose I lose printers in the local building for those computers needing access to the other building's tree?
Wow, am I correct on this?

Expert Comment

ID: 17111393
No, you should be able to just set up a route to their network.

Accepted Solution

ShineOn earned 2000 total points
ID: 17111409
The VPN devices or servers or whatever you're using for VPN should have the capability to establish a route between networks.  That should be all that's necessary.  Make the next-hop route to the A network the VPN network and vice-versa.

You don't want to bridge, you want to route.
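
A pre-connection check for the routed setup described in this answer, added here as an example and not part of the original thread: it confirms the two sites use non-overlapping subnets and lists the static route each VPN device needs, with the far end of the tunnel as next hop. The subnets, tunnel addresses and the `plan_site_routes` helper are constructed assumptions, since the thread does not give the real addressing.

```python
import ipaddress

def plan_site_routes(site_a, site_b, tunnel_cidr):
    """Validate addressing for two routed (not bridged) sites and return
    (install_on, destination, next_hop) static routes for each VPN device."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    lans = {s["name"]: [ipaddress.ip_network(c) for c in s["lans"]]
            for s in (site_a, site_b)}

    # Routing between sites only works if their LAN subnets are different.
    for a in lans[site_a["name"]]:
        for b in lans[site_b["name"]]:
            if a.overlaps(b):
                raise ValueError(f"{a} at {site_a['name']} overlaps "
                                 f"{b} at {site_b['name']}")

    # The tunnel network must be distinct from both LANs, and each
    # endpoint address must actually sit inside the tunnel network.
    for name, nets in lans.items():
        for net in nets:
            if net.overlaps(tunnel):
                raise ValueError(f"tunnel {tunnel} overlaps {net} at {name}")
    for s in (site_a, site_b):
        if ipaddress.ip_address(s["vpn_ip"]) not in tunnel:
            raise ValueError(f"{s['vpn_ip']} is not inside tunnel {tunnel}")

    # Each side reaches the other side's LANs via the remote tunnel endpoint.
    routes = []
    for local, remote in ((site_a, site_b), (site_b, site_a)):
        for net in lans[remote["name"]]:
            routes.append((local["name"], str(net), remote["vpn_ip"]))
    return routes

# Constructed sample addressing (placeholders, not from the thread).
MNW = {"name": "MNW", "lans": ["10.10.0.0/16"], "vpn_ip": "172.16.255.1"}
MNWB = {"name": "MNWB", "lans": ["10.20.0.0/16"], "vpn_ip": "172.16.255.2"}

if __name__ == "__main__":
    for where, dest, hop in plan_site_routes(MNW, MNWB, "172.16.255.0/30"):
        print(f"on {where} VPN device: route {dest} via {hop}")
```
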

Author Comment

ID: 17111421
Great.  I will try keeping them separate first.  Thanks!
