Three sites problem: ppp, VPN and routing

[Guest]

[mosocms]

Hi everbody! 

Today I have three sites with three different networks connected by radio links.

The networks are 10.1.1.0/24, 10.2.1.0/24 and 10.3.1.0/24.

My problem is that networks 10.2.1.0/24 and 10.3.1.0/24 need permanent access to a server in 10.1.1.0/24 network.

I am thinking in to use ADSL connections on each site to get internet access and then use VPNs to connect sites "2" and "3" to site "1".

Can Endian help me in this scenario?

If my main link (radio) gets interrupted, traffic will be automatically redirected to the VPNs?

And later when radio link gets back, the traffic will return to it?

I pretend to use Endian Firewall Community 2.4.  The  documentation is still version 2.3, I don't know if there was significant changes...

Can you help me with this setup? 


Thanking in advance,
mosocms

[xsidx]

Hi everbody! 

Today I have three sites with three different networks connected by radio links.

The networks are 10.1.1.0/24, 10.2.1.0/24 and 10.3.1.0/24.

My problem is that networks 10.2.1.0/24 and 10.3.1.0/24 need permanent access to a server in 10.1.1.0/24 network.

I am thinking in to use ADSL connections on each site to get internet access and then use VPNs to connect sites "2" and "3" to site "1".

Can Endian help me in this scenario?

If my main link (radio) gets interrupted, traffic will be automatically redirected to the VPNs?

And later when radio link gets back, the traffic will return to it?

I pretend to use Endian Firewall Community 2.4.  The  documentation is still version 2.3, I don't know if there was significant changes...

Can you help me with this setup? 


Thanking in advance,
mosocms

I don't recommend routing through your vpn connection, but if you get an additional DSL line as a secondary uplink you can set fail over to both main and uplink to each other, meaning if one fails it will divert traffic to other gateway, at the same time you can also set you secondary uplink (DSL in this case) in IPSEC under vpn setting to allow you to connect both network site 2 and 3 to site 1. This will give you connectivity through all sites as long as site 1 is up and running with both networks under vpn. Site 1 is what will be between 2 and 3, that will be your central point! (in this scenario radio will be your internet link as main gateway and vpn will be going out your dsl line, if radio drops, internet is diverted to your dsl connection until radio is back up which will then be reset to main gateway automatically, but vpn setting will be maintained going out your dsl connection at all times, best to have vpn on a stable connection rather then a radio link, if you are on a ppp/dish setup.)

Again routing through your vpn connection is not advice, you will not get a very fast speed at all.. can be used for server authentication and such, but not recommended for something as dns routing, you will be wasting a gateway going to a software vpn to pull your information too slow off the internet. (Don't use internal Vpn links as DNS, your server connectivity can be set using ips and it will link fine with vpn set up)