 From:  Dee Lowndes <dee at asyouneed dot com>
 To:  Kristian Shaw <monowall at wealdclose dot co dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN for 2 offices connecting to same domain on a windows server
 Date:  Thu, 02 Feb 2006 15:25:49 +0000
Big thanks to all those that responded, both on and off list. Decision time
is next week, so I will have to wait and see what the bosses decide.

Cheers,
Dee

On Wed, 2006-02-01 at 19:18 +0000, Kristian Shaw wrote:
> Hello,
> 
> I have successfully used m0n0wall to connect a temporary satellite site back 
> up to the main office. I was prepared to accept a loss in availability if 
> the ADSL/VPN went down as this meant I only needed a router at the remote 
> site.
> 
> At the main site you need a working:
> - Domain Controller
> - WINS server
> - DNS
> - m0n0wall
> 
> At the satellite site you need a working:
> - m0n0wall
> 
> Firstly, get the VPN working between the two sites. At the satellite site 
> use the local m0n0wall's DHCP server; for a small number it works fine and 
> is probably easier than trying to set up DHCP relay over the WAN. Configure 
> it to give out the main office's WINS and DNS addresses. Don't worry about 
> the traffic these services create as it is tiny compared to that used in web 
> browsing, email etc.
> 
> You may come across an issue where clients at the satellite site experience 
> slow logins and group policy failures. This is because there is a bug in 
> m0n0wall's handling of fragmented packets when using IPSEC and clients use 
> large ping packets to locate a domain controller. On the clients you need to 
> disable group policy slow link detection. If you are happy to modify m0n0wall's 
> code you can also enable 'keep-state' on the outbound direction of the LAN 
> interface.
> 
> Regards,
> 
> Kris.
> 
> 
> ----- Original Message ----- 
> From: "Dee Lowndes" <dee at asyouneed dot com>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Wednesday, February 01, 2006 12:35 PM
> Subject: [m0n0wall] VPN for 2 offices connecting to same domain on a windows 
> server
> 
> 
> > Hi All,
> >
> > I have never done this but I think it's possible and would like a second
> > opinion or two :)
> >
> > I have two offices that need connecting, one with a few users and a main
> > one with about 15. I plan on getting SDSL at the main one and ADSL on the
> > other with ISP supplied routers that have VPN pass through. I then want
> > to put two m0n0wall wrap units in each premises to set up a VPN so that
> > both offices have access to the same domain on a Windows 2003 Server.
> >
> > I believe that Windows 2003 will have to do DHCP for both offices and
> > that this will have to pass over the VPN. Does anyone know if this is
> > possible?
> >
> > If anyone thinks I am going about this the wrong way please let me know
> > also :)
> >
> > Thanks in advance,
> > Dee
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> > 