Large complicated VPN setup. (Help with)

Tomas Doran tomas at principle.co.uk
Thu Jan 4 12:52:49 CET 2001


Hiya everyone. I am currently evaluating tinc for use by my company's
vpn needs and I would like some help/information about configuration of
tinc and if it will do what I would like it to do. Hopefully some kind
soul will help me with what I am trying to achieve.

I am sorry if this is an inappropriate forum for this question but I am
looking for people with some ideas on networking generally and since I
am evaluating tinc this seems like a good place.

We are a very small company who rent out managed servers, which are
linked to the Internet via a variety of means, mainly ISDN links. We
have two infrastructure servers co-located.

Each client site has one (or more) of our servers on the premises. Some
of our clients also do vpn between themselves (which our servers have to
handle) and pptp dialins (which go to the infrastructure servers and are
routed appropriately).

For example purposes I will describe one of our most problematic
installations.
There are 4 sites: Kendal, Redhills, Westlakes and Workington.
All bar Workington have one server and Workington has 2.

Each server has a /24 network of client machines behind it and an IP
address that is internal to that network.

Our infrastructure servers are 192.168.0.1 and 192.168.4.1 and every site
starts a vpnd link to both of these servers when they connect (They have
24/7 ISDN connections) this allows the mail (which is MX'd to the
infrastructure servers) to be routed to them.

Workington's main server is 192.168.40.7 and the other server is .3.
There are Win NT terminal servers at .10 and .11 which people from
Kendal and Redhills need to use.

Workington, Kendal and Redhills have 2 ISDN lines each. One ISDN line is
for internet and general vpn traffic. The other ISDN line is dedicated
to the Kendal -> Workington and Redhills -> Workington connections.

Kendal is 192.168.128.33 and Redhills is 192.168.128.41.

What I was originally planning was to use ethernet SPF bridging to sort
this mess out meaning that all the sites' backbones would be on one
unified /24 network as opposed to the mess they are in now. However I am
not sure that this is the way to go and the bridge code is not working
with FreeS/WAN and since tinc will only encapsulate IP then it won't
work with tinc.

Basically I want to have an easy to manage network framework which will
work and allow me to add/remove connections as traffic demands change
etc.

I know that this wasn't the clearest question and/or explanation but my
thinking hasn't really solidified on the issue yet.

Feel free to grill me for more information about the setup, however this
email is long enough as it is for now.

Cheers
Tomas Doran
System administrator and systems developer.
Northern Principle Ltd
(0161 848 0440)

--
The views & opinions expressed in this email may not be the views and
opinions of my employer


-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/


