Re: Opinion: Best VPN to use with Fedora/Windows

From: Ed K. (ed_at_hp.uab.edu)
Date: 01/10/05

    Date: Mon, 10 Jan 2005 15:26:49 -0600 (CST)
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Mon, 10 Jan 2005, Kevin Fries wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Leonard Isham wrote:
    > | On Sun, 9 Jan 2005 21:17:55 -0600 (CST), Ed K. <ed@hp.uab.edu> wrote:
    > |
    > |>Kevin,
    > |>
    > |>I've had the most success with openvpn.sf.net running in bridge mode. The
    > |>road warriors are true members of the network, listening to all the
    > |>Windows broadcasts that get sent around. It's easy to install (well
    > |>compared to other VPNs) and does not require a kernel rebuild.
    > |
    > |
    > | I personally avoid bridging to cut down on the noise over the limited
    > | internet connections and cut down on the overhead for each packet.
    > |
    > | A little more work with the configuration, but IMHO worth the effort.
    > |
    >
    > OK, maybe I am simplifying things a bit more than I should be, so let me
    > ask:
    >
    > My conceptual understanding of VPN was that computerA needs access to
    > NetworkB as if it were located on the physical network even though it is
    > somewhere else. ComputerA contacts NetworkB which assigns ServerC to
    > act as a proxy. All traffic destined for NetworkB from ComputerA is
    > sent from A->C, ServerC retransmits the request, receives the answer,
    > then relays it back C->A. This allows A to appear to be on the network.
    > If ServerC was to manage up to 10 VPN connections, it would need 10 or
    > 11 (if it also had other duties as itself) IP addresses with each remote
    > client having a unique IP.
    >
    > Now I can see how that could appear as a goofy type of router or more
    > specifically a bridge. It's actually more of a proxy, but at a basic
    > level all proxies are actually routers. And a bridge is simply a router
    > where the network address is the same on both sides.
    >
    > When they were talking about bridging, I assumed that they were talking
    > about the proxy. So when you talk about how you avoid bridging, how is
    > my understanding of VPNs shortsighted? What other options are there?
    >
    > Thanks, and sorry if this question sounds stupid.
    >
    > - --
    > Kevin Fries

    OK, let's get on the same page (the ISO/OSI network model):
    http://www.uwsg.iu.edu/usail/network/nfs/network_layers.html

    A bridge directs traffic based on data on Layer 1 and 2

    A router directs traffic based on data on layer 3

    A proxy is not a very common type of network device, but let's say that it
    directs traffic based on data on layer 5. An example proxy would be a
    squid server (squid-cache.org)

    Now in bridging mode, OpenVPN's virtual network device (tap) has its
    own MAC address that is fed into the bridge on the Linux server. If your
    internal network is 10.0.0.x then your external computers can be assigned
    an IP of 10.0.0.200 and communicate with all the other computers at
    10.0.0.x.

    OpenVPN is the only VPN solution that supports bridging (someone will
    correct me here) which offers simplicity in the installation. But the cost
    is that there are more packets pushed around due to all the VPN clients
    receiving the broadcast packets.

    ed

    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
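
The bridged-versus-routed trade-off discussed in this thread, as an added example that is not part of the original messages: it builds a few constructed Ethernet frames and counts how many would be sent down the VPN link to a bridged (tap) client versus a routed client. The MAC addresses, the routed subnet 10.8.0.0/24 and all helper names are assumptions made for the illustration.

```python
import ipaddress
import struct

# All addresses below are constructed sample values.
BROADCAST = b"\xff" * 6
LAN_HOST, LAN_HOST2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLIENT_MAC = bytes.fromhex("0200000000c8")     # tap client bridged in as 10.0.0.200
ROUTER_MAC = bytes.fromhex("0200000000fe")     # VPN server acting as a router
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed routed client subnet
ETH_IPV4, ETH_ARP = 0x0800, 0x0806

def eth_frame(dst_mac, src_mac, ethertype, payload):
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload

def ipv4_header(src, dst):
    # Minimal 20-byte header; the checksum is left at zero and never checked here.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def bridge_forwards(frame, client_mac):
    """Layer 2: deliver frames for the client's MAC plus all group traffic."""
    dst = frame[:6]
    return dst == client_mac or bool(dst[0] & 1)  # low bit set = broadcast/multicast

def router_forwards(frame, router_mac, vpn_net):
    """Layer 3: forward only IPv4 unicast handed to the router for the VPN subnet."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if frame[:6] != router_mac or ethertype != ETH_IPV4:
        return False
    return ipaddress.IPv4Address(frame[30:34]) in vpn_net  # IPv4 dst: 14 + 16

SAMPLE = [  # constructed LAN traffic as seen by the VPN server
    eth_frame(BROADCAST, LAN_HOST, ETH_ARP, bytes(28)),                          # ARP request
    eth_frame(BROADCAST, LAN_HOST, ETH_IPV4, ipv4_header("10.0.0.5", "10.0.0.255")),  # subnet broadcast
    eth_frame(CLIENT_MAC, LAN_HOST, ETH_IPV4, ipv4_header("10.0.0.5", "10.0.0.200")), # to bridged client
    eth_frame(ROUTER_MAC, LAN_HOST, ETH_IPV4, ipv4_header("10.0.0.5", "10.8.0.6")),   # to routed client
    eth_frame(LAN_HOST2, LAN_HOST, ETH_IPV4, ipv4_header("10.0.0.5", "10.0.0.6")),    # LAN-only unicast
]

def delivered(frames):
    """Return (frames sent to a bridged client, frames sent to a routed client)."""
    bridged = sum(bridge_forwards(f, CLIENT_MAC) for f in frames)
    routed = sum(router_forwards(f, ROUTER_MAC, VPN_NET) for f in frames)
    return bridged, routed

if __name__ == "__main__":
    print("frames sent over the VPN link (bridged, routed):", delivered(SAMPLE))
```

The bridge model assumes the client's MAC has already been learned, so unknown-unicast flooding is not counted.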
    
