Link two networks as one via the Internet

The title pretty much says it all. I have two physical LANs with
high-speed internet connections, and I want them both linked up so that
they see each other as one logical LAN. The primary objective is to
enable full Windows SMB/CIFS-based file sharing between the two networks
so that the Windows clients can access each others' Access databases,
documents, etc.

What should I do to pull this off? I'll be replacing the traditional
"home routers" with Linux routers and this is one of my goals. I don't
know if a VPN solution will do what I want or not. I think you have to
be able to forward broadcast packets correctly to make SMB/CIFS work
properly, but I don't recall.

Help? TIA for responses.

Jody

Jody Lee Bruchon wrote:
> The title pretty much says it all. I have two physical LANs with
> high-speed internet connections, and I want them both linked up so that
> they see each other as one logical LAN. The primary objective is to
> enable full Windows SMB/CIFS-based file sharing between the two networks
> so that the Windows clients can access each others' Access databases,
> documents, etc.
>
> What should I do to pull this off? I'll be replacing the traditional
> "home routers" with Linux routers and this is one of my goals. I don't
> know if a VPN solution will do what I want or not. I think you have to
> be able to forward broadcast packets correctly to make SMB/CIFS work
> properly, but I don't recall.
>
> Help? TIA for responses.
>
> Jody


A bridged (link-level) OpenVPN connection will do what you
want, but be warned: the bridging creates plenty of traffic
that is not actually needed at the other end of the remote link.

For details, see <http://openvpn.net/>.

--

Tauno Voipio
tauno voipio (at) iki fi

Hello,

Tauno Voipio a écrit :
> Jody Lee Bruchon wrote:
>
>> The title pretty much says it all. I have two physical LANs with
>> high-speed internet connections, and I want them both linked up so
>> that they see each other as one logical LAN. [...]
>
> A bridged (link-level) OpenVPN connection will do what you want

On both gateways, it will also be necessary to bridge the VPN tun/tap
interface and the LAN interface together so that ethernet frames are
transparently forwarded from one LAN to the other.

Tauno Voipio wrote:
> A bridged (link-level) OpenVPN connection will do what you
> want, but be warned: the bridging creates plenty of traffic
> that is not actually needed at the other end of the remote link.

That's fine. As long as we're using real switches for truly local
traffic, I think the DSL and T1 lines can handle it, unless I'm missing
something.

What kind of traffic is created that's unnecessary? Would this
basically forward every ethernet frame that touches the LAN interface
over the Internet via a tunnel? Is there some kind of compression that
can be applied to reduce the load?

Perhaps a shred of elaboration is in order. Each LAN has between three
and seven computers total, and each location typically has DSL-like
speeds (fractional T1, IIRC, except for one office that actually has
real bona fide DSL service instead). The maximum scope of this project.
should it be practical in application, will be to link approximately six
or seven LANs together, each of which contain an average of four
Windows-based computers, and possibly each getting one Linux-based file
server in the future as well.

It's starting to sound insane to me, but I've never done this before. I
am a very paranoid person when it comes to doing things I've never done
before, and I'd like to not even bother with it if it's a stupid thing
to do.

Secondarily, I want the new backup machines to pipe incremental backups
out to a master backup machine, and one of the places in question
actually has no control over their network equipment. It appears to be
a run-of-the-mill NAT router in the way, but not configurable. What is
the best way to enable full access to the backup satellite from another
place, despite the firewall? Would I have the remote machine open a
connection to a VPN server at a location I control (the master backup
location) to allow me to do both secure backup transfer as well as open
SSH connections through the tunnel?

Forgive my ignorance, but it seems that most of the documentation on
this stuff is slightly outdated or unclear for one who is not already
fairly familiar with VPNs in the first place. I've heard nothing but
moaning about VPN maintenance for years, and I'm basically just hoping
the pain is an NT thing and that *NIX solutions don't have such glitches.

Jody Lee Bruchon wrote:
> Tauno Voipio wrote:
>
>> A bridged (link-level) OpenVPN connection will do what you
>> want, but be warned: the bridging creates plenty of traffic
>> that is not actually needed at the other end of the remote link.
>
>
> That's fine. As long as we're using real switches for truly local
> traffic, I think the DSL and T1 lines can handle it, unless I'm missing
> something.
>
> What kind of traffic is created that's unnecessary? Would this
> basically forward every ethernet frame that touches the LAN interface
> over the Internet via a tunnel? Is there some kind of compression that
> can be applied to reduce the load?

In principle, a bridged connection copies all traffic
on the Ethernet across the VPN link. The Linux kernel
bridging is smart enough to learn the target link-
level addresses (MAC) to forward only the packets
targeted to the other side of the link. However,
broadcasts need to be forwarded anytime. The Linux
bridging code can use the spanning tree protocol
(STP) to handle the network paths.

IIRC, the Windows network system can handle a routed
(IP level) network if there are Windows name servers
(WINS) in the network. I'm not the proper person to
ask Windows networking details, sorry.

HTH

--

Tauno Voipio
tauno voipio (at) iki fi