 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VPN for 2 offices connecting to same domain on a windows server
 Date:  Wed, 1 Feb 2006 19:18:06 -0000

I have successfully used m0n0wall to connect a temporary satellite site back 
up to the main office. I was prepared to accept a loss in availability if 
the ADSL/VPN went down as this meant I only needed a router at the remote 

At the main site you need a working:
- Domain Controller
- WINS server
- m0n0wall

At the satellite site you need a working:
- m0n0wall

Firstly, get the VPN working between the two sites. At the satellite site 
use the local m0n0wall's DHCP server, for a small number it works fine and 
is probably easier than trying to set up DHCP relay over the WAN. Configure 
it to give out the main office's WINS and DNS addresses. Don't worry about 
the traffic these services create as it is tiny compared to that used in web 
browsing, email etc.

You may come across an issue where clients at the satellite site experience 
slow logins and group policy failures. This is because there is a bug in 
m0n0wall's handling of fragmented packets when using IPSEC and clients use 
large ping packets to locate a domain controller. On the clients you need to 
disable group policy slow link detection. If you are happy to modify m0n0wall's 
code you can also enable 'keep-state' on the outbound direction of the LAN 



----- Original Message ----- 
From: "Dee Lowndes" <dee at asyouneed dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, February 01, 2006 12:35 PM
Subject: [m0n0wall] VPN for 2 offices connecting to same domain on a windows 

> Hi All,
> I have never done this but I think it's possible and would like a second
> opinion or two :)
> I have two offices that need connecting, one with a few users and a main
> one with about 15. I plan on getting SDSL at the main one and ADSL on the
> other with ISP supplied routers that have VPN pass through. I then want
> to put two m0n0wall wrap units in each premises to set up a VPN so that
> both offices have access to the same domain on a Windows 2003 Server.
> I believe that windows 2003 will have to do DHCP for both offices and
> that this will have to pass over the VPN does anyone know if this is
> possible?
> If anyone thinks I am going about this the wrong way please let me know
> also :)
> Thanks in advance,
> Dee