Corporate LAN-to-LAN questions

glowingnissan07

Hello Techspot! It's been a long time, and as always, I so appreciate the great help from you the community. You guys are the best!

I got a new job in IT doing support for a medium-sized medical facility, with about 60 computers on a network domain, connected to the internet by a Comcast router. We have 2 satellite offices in different towns, one with about 20 computers and the other with only 2 (that one has a workgroup setup). All have different routers, and their own internet connection provider, but we want to establish a very secure and encrypted VPN between the three so we can primarily send sensitive data through on a daily basis, and use a LAN messenger we have installed at the office here to communicate easily with the other offices.

It's my first IT job, and honestly it's a bit overwhelming, but I am learning so much and it's a great place to work.

The only VPN experience I have is very small, using a mesh Hamachi network to play games with my friends.

I did try using Hamachi as a test here, which worked flawlessly with the LAN messenger we have here and the other office. But Hamachi isn't very good for big scale operations so I've read, and as configured isn't a true secure infrastructure as data goes to the Hamachi servers first. (mesh)

Basically, I need your suggestions on setting up a VPN that is consistently reliable, easy to set up and manage, and secure (no outside servers or middlemen).

Is there a way to install VPN software (perhaps OpenVPN?) on a single machine in a LAN, and install it on another LAN, that will make all computers visible to each other on both networks? If not what is the easiest way to do this?

I don't have too much experience with installing new routers, but if that's the best option, let me know in layman's terms the best way to set it up. Or can we just use the routers we have?

Let me know if you need more information. You guys are the best!
 
For clarity, the components will be:
  1. GWF: Gateway Firewall
  2. MRT: master router this host
Code:
isp1==GWF==MRT--local lan systems
       ||
isp2==GWF==MRT--local lan systems
       ||
isp3==GWF==MRT--local lan systems

First issue to solve is the public Internet facing IP addresses of the GWFs. If you just take a common ISP connection, the public addresses may change dynamically. If you get a domain name for the company, then you will have a unique IP (IPv6 today). For illustration, if the name is literally domain.name, then each location can have a name like net1.domain.name, net2.domain.name or net3.domain.name and these are added to your public DNS. This solves the routing between the three sites.

Use the filtering tools at the GWF to control access INTO the company infrastructure. The PORTs for the VPNs need to be UNIQUE (i.e., don't take the common defaults), but can be the same on all three networks.
You then forward the VPN ports to the server on that network. To make sure all traffic is INTERNAL to the company, allow ONLY IP traffic which has a source address within your domain!!!

If you wish to allow users at home to VPN into the system, create ANOTHER VPN (just one) where you can control and monitor external accesses.

Then set up the VPN on one of the networks
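A concrete version of the layout the reply describes, as an added example that is not from this thread: the HQ hub's OpenVPN server config, the ccd entry that hands the second site its LAN, and the GWF rules that admit the VPN port only from the other sites. The subnets, the 10.8.0.0/24 tunnel range, port 51194 and the net2/net3 names are assumptions.

```shell
#!/bin/sh
# Added example (not from this thread): hub-and-spoke OpenVPN config for the
# HQ site plus the gateway rules the reply describes. Subnets, port 51194,
# the tunnel range and the peer names net2/net3 are assumptions.
set -eu

VPN_PORT=51194                        # non-default, identical at every site
HUB_LAN="192.168.1.0 255.255.255.0"   # HQ LAN behind the hub
SPOKE_LAN="192.168.2.0 255.255.255.0" # LAN behind spoke "net2"

# Write the hub server config and the per-spoke ccd entry into DIR.
# Certs and keys come from your own CA, so no outside servers are involved.
write_hub_config() {
  dir="$1"
  mkdir -p "$dir/ccd"
  cat > "$dir/hub.conf" <<EOF
port $VPN_PORT
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ca ca.crt
cert hub.crt
key hub.key
dh none
tls-crypt ta.key
remote-cert-tls client
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.2
client-config-dir ccd
route $SPOKE_LAN
push "route $HUB_LAN"
client-to-client
keepalive 10 120
EOF
  # ccd file is named after the spoke certificate CN; iroute tells OpenVPN
  # which client owns that LAN (hosts on each LAN still need a route to the
  # VPN box for the remote subnet, e.g. a static route on MRT).
  printf 'iroute %s\n' "$SPOKE_LAN" > "$dir/ccd/net2"
}

# GWF filter from the reply: accept the VPN port only from the other sites'
# names and drop every other source. Names resolve when the rule is
# inserted, so rerun this after a dynamic address changes.
gwf_rules() {
  for peer in net2.domain.name net3.domain.name; do
    printf 'iptables -A INPUT -p udp --dport %s -s %s -j ACCEPT\n' "$VPN_PORT" "$peer"
  done
  printf 'iptables -A INPUT -p udp --dport %s -j DROP\n' "$VPN_PORT"
}
```

Run `write_hub_config /etc/openvpn` on the hub host and `gwf_rules | sh` as root on the HQ GWF after forwarding UDP 51194 to that host; each spoke only needs a client config with `remote net1.domain.name 51194`, its own cert and the same ta.key.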