Setup server locally but be ready for remote VPN connected location
Probably in the wrong place but here goes anyway.
I'm moving into a workshop as part of my business plan but want to put together the following setup.
- ML115 ESXi server with:
-> Win Servers as Guest OS for main AD, DFS file server, etc...
-> guest OS (already on) with Smoothwall to provide VPN connection with Workshop/Remote
- Additional ESXi server with:
-> Single WinServer Guest OS with branch/local AD, file server for workshop
-> guest OS with smoothwall providing the other side of VPN connection back to base
The reasons for this sort of setup are as follows:
- I've got a lot of data sitting around that I'll need access to
- Local DFS/server makes for greater speed of access
- Having the two locations sync'd over DFS resolves the issue of data backup in case of theft, etc..
The only hiccup is that the business center the unit is part of has a rather expensive internet/broadband package with high data transfer rates and caps, so I'd like to get the Workshop server set up in advance and synch'd to the domain and DFS system over the LAN before I install it at the workshop.
Hopefully this would mean that the sync from that point on would involve minimal data transfer.
Anyway... the problem I foresee with all of this is that the two ends of the VPN need to be on different IP ranges (or at least I think they do?) to successfully connect, so that would make it difficult to join the AD to the local domain and then move it to the next one... I'm not sure how to go about all of this.
I've set up OpenVPN; people open the VPN connection at home and can then RDP into one of the DCs (if they are an admin) or straight into their machine. They have the WOL feature if they need to wake the machine up. What happens, though, is we have a different IP range for people who dial into the VPN: usually our internal is 10.168.*.*, but when they dial into the VPN they get a 10.90.*.*. The router at the other end (pfSense with OpenVPN) knows the ranges it has and where the networks are, so it all works perfectly and you can access anywhere on the network via the VPN.
If they are in a VM already you should be fine. You should be able to configure the VM server to just expose the external interface of the smoothwall box and then point the remote box to the internal IP of the home smoothwall box, and then you're sorted. You just need to change the IP to the external IP of your home when you move it.
Edit: for clarity, the remote server would have the smoothwall external interface hooked up to the local home network and then its internal interface hooked up to a virtual network switch that the server VM is hooked up to, all inside the VM host.
Last edited by SYNACK; 23rd July 2011 at 12:38 PM.
Actually, even easier: just point the 2k8 VM's network directly to the NIC and run the syncs etc., then just change the IPs and put the smoothwall in the middle when you move it. As long as all the software on the second DC is set to use hostnames rather than IPs you should be fine. You'd need to turn off DHCP on it for a while though and set up a new DNS reverse lookup zone for the other IP range when you get there.