Answer the question
In order to leave comments, you need to log in
E
E
Evgeny Ferapontov2014-11-12 13:05:43
Evgeny Ferapontov, 2014-11-12 13:05:43
How to organize remote access to the central office network of a single server in a branch?
The essence of the problem boils down to the following: it is necessary to "bring" AD DS to the branches. It is planned to put in each branch of the RODC, which somehow must be connected to the central office. Access for client machines to the central office network is not needed, ideally it should not be available at all. At the central office, the role of a router and a firewall is performed by a box with Linux, external ips are static.
Ie, actually, the tunnel from RODC to normal DC is necessary. And it is desirable that you do not have to install any software on the RODC (OpenVPN client, for example). What are the options?
UPD: Okay, NOT stopped at l2tp + ipsec. The question is the following: the provider gives the Internet to the central office via pppoe. L2TP over IPsec over PPPOE = triple encapsulated traffic, inside of which there can be a bunch of encapsulations - will this even work?
4 answer(s)
@e1ferapontov
@ilyasus
@brutal_lobster
E
Evgeny Ferapontov, 2014-11-19 @e1ferapontov
I read tons of materials on VPN, decided to stop at IPsec + GRE. It seems like this is the standard mode of VPN operation based on Cisco routers, which in the future will require less effort to reconfigure the equipment, plus it will reduce the overhead during encapsulation (one nested level less!).
I
Ilyas, 2014-11-12 @ilyasus
Site-to-site VPN with a branch router (as an OpenVPN variant ). Next, configure the firewall.
B
brutal_lobster, 2014-11-12 @brutal_lobster
Better site2site on the border. So at least if rodc fails, everything will continue to work.
If you don’t want to bother with gateways in branches, then you can use RRAS
Similar questions
L
M
A
M
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question