Community discussions

MUM Europe 2020
 
1001001
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 70
Joined: Mon Sep 24, 2012 12:46 pm

transparent bridging over VPN / central NAT

Tue Mar 04, 2014 7:40 pm

Hello everybody,

is there a 'simple' solution to the following problem?

Consider a szenario where you have 10 site that have to be in the same broadcast domain / the same local network, getting servered by the same dhcp server and getting internet access through the same NAS.

Which combination is the most stable for use with heterogenous hardware on the clientside?
EoIP and OVPN is not an option and as far as the current research goes ipsec doesn't do out of the box, which combination of standard protocols can be used ?

Best regards

1001001
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: transparent bridging over VPN / central NAT

Tue Mar 04, 2014 7:42 pm

Hello everybody,

is there a 'simple' solution to the following problem?

Consider a szenario where you have 10 site that have to be in the same broadcast domain / the same local network, getting servered by the same dhcp server and getting internet access through the same NAS.

Which combination is the most stable for use with heterogenous hardware on the clientside?
EoIP and OVPN is not an option and as far as the current research goes ipsec doesn't do out of the box, which combination of standard protocols can be used ?

Best regards

1001001

That sounds horrible. The best solution is to split it up into separate networks.

If you really want to do it transparently you can use something like EOIP over IPSec which lets you bridge them on Layer2.
 
1001001
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 70
Joined: Mon Sep 24, 2012 12:46 pm

Re: transparent bridging over VPN / central NAT

Tue Mar 04, 2014 8:02 pm

Hello everybody,

is there a 'simple' solution to the following problem?

Consider a szenario where you have 10 site that have to be in the same broadcast domain / the same local network, getting servered by the same dhcp server and getting internet access through the same NAS.

Which combination is the most stable for use with heterogenous hardware on the clientside?
EoIP and OVPN is not an option and as far as the current research goes ipsec doesn't do out of the box, which combination of standard protocols can be used ?

Best regards

1001001

That sounds horrible. The best solution is to split it up into separate networks.

If you really want to do it transparently you can use something like EOIP over IPSec which lets you bridge them on Layer2.
Yeah it probably is. But still the NAS at the central site has to be able to authenticate all clients coming from the remote sites. EoIP ist no solution because it is not available on the remotesite devices, IPsec is but its only layer three and that alone doesn't do.
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: transparent bridging over VPN / central NAT

Tue Mar 04, 2014 8:04 pm

Hello everybody,

is there a 'simple' solution to the following problem?

Consider a szenario where you have 10 site that have to be in the same broadcast domain / the same local network, getting servered by the same dhcp server and getting internet access through the same NAS.

Which combination is the most stable for use with heterogenous hardware on the clientside?
EoIP and OVPN is not an option and as far as the current research goes ipsec doesn't do out of the box, which combination of standard protocols can be used ?

Best regards

1001001
You can use GRE or IPIP also... Beyond that I don't have a good suggestion.


That sounds horrible. The best solution is to split it up into separate networks.

If you really want to do it transparently you can use something like EOIP over IPSec which lets you bridge them on Layer2.
Yeah it probably is. But still the NAS at the central site has to be able to authenticate all clients coming from the remote sites. EoIP ist no solution because it is not available on the remotesite devices, IPsec is but its only layer three and that alone doesn't do.

Who is online

Users browsing this forum: mrmut, MSN [Bot] and 173 guests