[SoCoSA/discuss] OpenVPN? Or...?

Christopher Wagner waggie at waggie.net
Fri May 19 13:38:39 PDT 2006


On Fri, May 19, 2006 12:11 pm, Trevor Benson wrote:
>
>> -----Original Message-----
>> From: discuss-bounces at socosa.org [mailto:discuss-bounces at socosa.org]
>> Sent: Thursday, May 18, 2006 5:02 PM
>> To: SoCoSA general discussion list
>> Subject: Re: [SoCoSA/discuss] OpenVPN? Or...?
>>
>> On 5/18/06, Trevor Benson <tBenson at a-1networks.com> wrote:
>>
>> > > Is there a reason NOT to bring up WINS & join the domain after setting
>> > > up the tunnel?  Getting DHCP to assign an IP, etc?
>> > >
>> >
>> > Well my point is most protocols outside of PPTP and L2TP have no
>> > mechanism to pass off DNS or WINS for the local domain to the client,
>> > so you're stuck with writing scripts, or having users change their own
>> > settings after establishing a tunnel.
>>
>> Well, I've obviously got more research I need to do, but:
>>    http://openvpn.net/testimonials.html
>> strongly implies that they have "automagical" handling of this stuff,
>> e.g.:
>>    "... I want my remote vpn clients to be on the same subnet
>>     as the office-bound clients for myriad reasons. I did not like
>>     having to manually configure IP addresses for each client,
>>     so I elected to use a dhcp server to serve my remote clients
>>     an IP address through the openVPN tunnel."
>> &
>>    "... handled it perfectly and reestablished the connection
>>    with the new ip address automatically..."
>> &c...
>>
>>
>> - Steve S.
>>   ... Off to do more studying...
>
> Sounds like OpenVPN has implemented the RFC for forwarding/routing
> broadcasts of DHCP traffic to alternate ends.  Haven't tested anything with
> it yet, can't speak to it.  But it's been around awhile, just never seen a
> client use it (especially since the built-in WinXP client is PPTP or L2TP,
> possible I suppose they request addresses in the same fashion as DHCP with
> REQUESTs and ACKs, never really watched the traffic that close.

I have to agree with Trevor I think.  In most cases, PPTP tunnels for
tunneling remote laptop users into small offices is the easiest solution,
especially if you can get it to work with the M$ DUN VPN client.

- Chris


