[SoCoSA/discuss] OpenVPN? Or...?

Trevor Benson tBenson at a-1networks.com
Thu May 18 16:45:47 PDT 2006



> -----Original Message-----
> From: discuss-bounces at socosa.org [mailto:discuss-bounces at socosa.org]
> Sent: Thursday, May 18, 2006 4:38 PM
> To: SoCoSA general discussion list
> Subject: Re: [SoCoSA/discuss] OpenVPN? Or...?
> 
> On 5/18/06, Trevor Benson <tBenson at a-1networks.com> wrote:
> 
> > Openswan is a fairly decent product.
> 
> Onto my list it goes... thanks!
> 
> 
> > FYI: WinXP/2k boxes work much better on domains when they
> > have L2TP (or PPTP) because they will be assigned a local address.
> 
> You mean "local" to the remote site being accessed?  Eg, if an ISP
> assigns the address 123.123.123.123 to the client workstation, don't
> most (all?) VPNs create a virtual network-interface that "tunnels" over
> the real one -- but the Virtual interface would have a separate (generally
> RFC1918) IP address in the range that the destination network has...?

Nope, this is done via PPTP, L2TP, or custom Cisco protocols.  There may be others, but I am not familiar with them.

> 
> > Without configuring DNS settings or WINS then you probably want
> > the VPN client to be a standalone system (not joined to the domain)
> > and accessing resources on the network via IP.  Otherwise I think
> > you're going to run into headaches without providing WINS and DNS
> > when the tunnel gets initiated.
> 
> Is there a reason NOT to bring up WINS & join the domain after setting
> up the tunnel?  Getting DHCP to assign an IP, etc?
> 

Well, my point is most protocols outside of PPTP and L2TP have no mechanism to pass off DNS or WINS for the local domain to the client, so you're stuck with writing scripts, or having users change their own settings after establishing a tunnel.

> - Steve S.
>   (Who has done this stuff via Cisco-native tools, but not Windows).

Cisco gives 'pools' for passing out addresses to clients; this is custom to Cisco, and is generally not the L2TP (which they also support).  Believe me, a few years back I thought the same thing, VPN = Local IP, but it's not true.

Trevor


