Главная » Linux » Securely link two offices using OpenVPN

Securely link two offices using OpenVPN

08:34
csm_tunnel_9f61f31b97.jpg

If you're looking to unify the LAN networks of two independent locations you have a number of choices. You can either get a hugely expensive dedicated leased line or you can create a secure tunnel across the internet using strong encryption and some virtual network interfaces on both endpoints. The latter setup is called a Virtual Private Network (VPN) and it's almost as safe as a dedicated line at only a tiny fraction of the cost. In fact, it's the only realistic option for any small to medium sized business. In this article I'll explain how to hook up two remote locations across the Internet using OpenVPN. The end result will behave as if your entire network was located within a single building plus it'll be secure and completely free of charge.

 

There are two great advantages to OpenVPN when compared to other, perhaps more standard solutions like IPSec. The first is the much greater ease of configuration. You can go all-out with OpenVPN and integrate it with your PKI infrastructure, or you can opt for a simple pre-shared secret setup. Three lines of configuration on each end would suffice at the bare minimum, but we'll use a few more for comfort and safety.

 

The second advantage, and this is a huge one for small businesses with only a single public IP address per location, is in OpenVPN's easy NAT traversal. You can put your OpenVPN gateway behind a simple consumer or low-end business router, configure a simple port forward and be done except for some custom routing. IPSec is much harder to get to work properly through a NAT gateway.

Next