General concept of OpenVPN implementation.

General concept of an OpenVPN solution for a private network. I'm thinking about layer 2 bridging mode but... I have one VPS server with Ubuntu 16.04 LTS, one local network and two mobile PCs. Starting from the server: there is one Ethernet controller with a public static IP address. I want to connect to it from 3 places. Should I create 3 TAP interfaces? What about the bridge: bridging eth with the TAP(s), or only the TAPs, for the network, for example 192.168.2.0/24? The next computer is a PC in the local network, also with one Ethernet controller, with an address from the network 192.168.2.0/24 and gateway 192.168.2.1. Additionally, two laptops with two network cards each, one used for internet access with a local address from the network 192.168.2.0/24. Do I configure the TAP and bridge with the unused network card, or with the one used to connect to the internet (WLAN + home WiFi router)? I would like to see every computer as if it were in the local network: use the DHCP and DNS configured in the local network (not obligatory, can be static), use shared folders, printers, Active Directory, join the domain, use DFS. When I tried TUN IP packet routing I probably had a wrong configuration, but forcing DNS from the VPN was disconnecting me from the DFS service.
Any help please: routing or bridging, and configuration of TUN/TAP interfaces with Ethernet interfaces and bridges.

Thank you

Paweł

Asked by Paweł Chojaczyk
noci (Software Engineer) commented:
First, if the server has the public IP address, please verify you have hardened the server, and run a tight firewall with minimal access allowed.

Second, if your server has only ONE interface with a public IP, why would you need a TAP interface?
The Internet you can already reach, and there is no local network with the server...
The presented case invalidates the need for a TAP (which is only needed if you need to get multicast traffic from a LAN across the internet).
Multicast traffic (on average 2-5% of a network, with automatic hardware detection etc.): if the local traffic is 1 Gbps then you have a steady stream of 20 Mbps going to the internet (uplink). This is not wise on most DSL links (or other asymmetric links, with a 1:10 upload:download ratio).

On the server there would be one TAP (the server) bridged to the LAN adapter (which isn't there), and you need to create a tunnel spec either for each of the laptops OR one spec that allows multiple connections.

With ANY Windows DOMAIN there can be only ONE DNS (cluster) server, and that MUST be a DC in the domain.
Any other DNS will give the wrong answer when addresses within the domain are requested (unless a special forwarding zone is made for each and every zone that is provisioned by the DCs).

I think this will show where the problems in your configuration are.

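As an added example (not code from the thread or from either participant), here is the routed-mode layout noci's answer points at: one TUN server on the VPS with a single tunnel spec that accepts all clients, the LAN PC connecting as an ordinary client that advertises 192.168.2.0/24 through an iroute, the domain controller pushed to clients as the only DNS server, and a minimal firewall for the VPS. The VPN subnet 10.8.0.0/24, the DC address 192.168.2.10, the client certificate CN lan-gateway, the server name vpn.example.com and the ports are assumptions, not values from the page.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: routed (TUN) OpenVPN hub on the VPS.
# Assumed values (not from the page): VPN subnet 10.8.0.0/24, the domain
# controller running DNS at 192.168.2.10, the LAN PC's certificate CN
# "lan-gateway", server name vpn.example.com, UDP/1194 for OpenVPN, TCP/22 for SSH.
set -eu

PORT=1194
VPS_ADDR=${VPS_ADDR:-vpn.example.com}   # assumed public name/IP of the VPS
VPN_NET=10.8.0.0;    VPN_MASK=255.255.255.0
LAN_NET=192.168.2.0; LAN_MASK=255.255.255.0
DC_DNS=192.168.2.10                     # assumed: the DC is the only DNS for the domain
LAN_GW_CN=lan-gateway                   # assumed CN of the LAN PC's client certificate

# Server config: one tunnel spec for all clients, no TAP, no bridge.
gen_server_conf() {
  cat <<EOF
port $PORT
proto udp
dev tun
topology subnet
server $VPN_NET $VPN_MASK
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
cipher AES-256-GCM
auth SHA256
# remote laptops get a route to the LAN that sits behind the LAN PC
push "route $LAN_NET $LAN_MASK"
# the DC is the only resolver clients should use for the AD domain
push "dhcp-option DNS $DC_DNS"
# kernel route on the VPS for the LAN subnet; the ccd iroute selects the client
route $LAN_NET $LAN_MASK
client-config-dir ccd
client-to-client
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
}

# ccd/<CN> for the LAN PC: tells OpenVPN that this client owns 192.168.2.0/24.
gen_ccd_entry() {
  echo "iroute $LAN_NET $LAN_MASK"
}

# Client config shared by the laptops and the LAN PC (each with its own cert/key).
gen_client_conf() {
  cat <<EOF
client
dev tun
proto udp
remote $VPS_ADDR $PORT
nobind
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
cipher AES-256-GCM
auth SHA256
persist-key
persist-tun
verb 3
EOF
}

# Minimal VPS firewall: only SSH and the VPN port inbound, forwarding only inside tun0.
# (With client-to-client OpenVPN relays client traffic itself; the FORWARD rule
# covers the case where that directive is removed and the kernel routes instead.)
gen_firewall_rules() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport $PORT -j ACCEPT
iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT
EOF
}

# Write the whole bundle into a directory, e.g.: ./gen-openvpn.sh /etc/openvpn
write_bundle() {
  local dir=$1
  mkdir -p "$dir/ccd"
  gen_server_conf    > "$dir/server.conf"
  gen_ccd_entry      > "$dir/ccd/$LAN_GW_CN"
  gen_client_conf    > "$dir/client.ovpn"
  gen_firewall_rules > "$dir/firewall.sh"
}

if [ $# -gt 0 ]; then write_bundle "$1"; fi
```

The LAN PC must have IP forwarding enabled, and the other LAN hosts need a route for 10.8.0.0/24 pointing at the LAN PC (or the LAN PC has to NAT VPN traffic), otherwise replies from the file servers never reach the laptops. The pushed `dhcp-option DNS` makes the laptops send every query to the DC, which is the single-DNS rule noci states. One caveat from the question itself: the laptops take addresses from 192.168.2.0/24 on their home WiFi, so when they are at home the pushed route collides with the local subnet; one of the two networks has to be renumbered for the routed setup to work from there.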
Paweł Chojaczyk (Author) commented:
Thank you for your time and suggestions. You were right. I resign from switching; I configured OpenVPN with routing and I'm fully satisfied. Thank you.
Best regards
Paweł
noci (Software Engineer) commented:
np. Please don't forget to close the question.