[thelist] Tunneling on Windows...

Phil Turmel philip at turmel.org
Mon Sep 20 13:47:43 CDT 2004


Hershel Robinson wrote:

>> http://openvpn.sourceforge.net/
>>
>> We run everything in tunnel mode, but it is capable of using bridged
>> adapters, placing all connected computers on the same virtual
>> ethernet.
>> Tunneling just seems to perform better for my needs. If you have at
>> least one machine with a reliably resolvable host name, you can set up
>> tunneling to support many machines behind NAT connections communicating
>> freely with many machines behind other NAT connections.
>
>
> I have a LAN behind a NAT in my home office. I use Windows VPN to connect to
> our business server. The problem is that only one machine on my LAN at a
> time can connect to the VPN, so if my workstation is connected, my boss (on
> the VPN also) can not see my local server (to see what great work I'm doing)
> because it doesn't have the VPN on it. I furthermore have no real interest
> in opening up my local development server to the world.
>
> We were thinking of buying a NAT-enabled DSL router that could establish the
> NAT itself and thus allow both my machines to be on the VPN, but it's a bit
> expensive ($400).
>
> Could OpenVPN allow me to do this? Have both my machines on the VPN at the
> same time? Or perhaps someone has another solution? All machines involved
> are running Windows 2K (Pro and Server).
>
> Thanks,
> Hershel

OpenVPN can do all this, either by running multiple target ports on the 
server end, or by setting up IP forwarding on at least one box at each 
locale.  I use the latter model, where the NAT component (Cayman DSL 
router) has been given static routes for the VPN subnets that point back 
to the tunneling machine.  That way any other computer that plugs in w/ 
DHCP can communicate on the entire VPN. I don't do IP forwarding with 
Win2K, but I understand it's possible (RRAS for W2K server, Registry 
hack for W2K pro).

Note that OpenVPN defaults to UDP connections, which can be difficult to 
use behind a NAT.  OpenVPN can be configured to use TCP connections, 
with some performance penalty, but no NAT interference.

Phil
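
The routed, TCP-based setup described in the reply above, sketched as an added example that is not part of the original message or anyone's actual configuration. All addresses, the host name vpn.example.com, the port, the file names and the use of static-key authentication are constructed assumptions.

```conf
# ---- office.ovpn: business-side tunneling machine ----
# (the one machine with a reliably resolvable host name)
# TCP instead of the UDP default, as the reply suggests for NAT
proto tcp-server
# constructed port; the only port the office NAT has to forward
port 1194
# routed tunnel mode rather than a bridged adapter
dev tun
# local tunnel endpoint, then remote tunnel endpoint (constructed)
ifconfig 10.8.0.1 10.8.0.2
# send traffic for the home-office LAN (constructed subnet) into the tunnel
route 192.168.20.0 255.255.255.0
# assumption: pre-shared static key, copied to both ends out of band
secret static.key
# periodic pings keep the NAT mapping alive and restart a dead link
keepalive 10 60

# ---- home.ovpn: home-office tunneling machine (behind NAT, dials out) ----
remote vpn.example.com
proto tcp-client
port 1194
dev tun
ifconfig 10.8.0.2 10.8.0.1
# send traffic for the business LAN (constructed subnet) into the tunnel
route 192.168.10.0 255.255.255.0
secret static.key
keepalive 10 60

# ---- static routes on each NAT router (set in the router's own interface) ----
# home router:   192.168.10.0/24 and 10.8.0.0/30 via 192.168.20.5
#                (192.168.20.5 = home tunneling machine, constructed)
# office router: 192.168.20.0/24 and 10.8.0.0/30 via 192.168.10.5
#                (192.168.10.5 = office tunneling machine, constructed)
# Both tunneling machines also need IP forwarding enabled.
```

Because the home side initiates the connection, the home NAT needs no inbound port forward, so the development server is reachable only through the tunnel and not from the Internet.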


