
Step 1: Outlining the setup
It is always good practice to visualize the layout, and for this kind of setup you might need it later on when you get stuck. So here we have an outline of our desired result:
[Figure: OpenVPN outline]
As you can see, we need a central switch, and each meeting room has to have an RJ-45 plug that is patched to that switch. The OpenVPN gateway and the gateway to the internet also have to be connected to that switch; the internet gateway could be hooked up to an ADSL connection or tunneled through to your real internet gateway. You should run a proxy server on it to disallow malicious surfing, and maybe have a guest access procedure with authentication. Also, to mitigate “rogue” connections, make sure you do not place the APs next to a window or close to a door.

Step 2: Designing it all
As seen in the outline, to get this setup running smoothly we need to design the following:

  • Placement of the APs in each meeting room. Make sure they are out of sight and well situated.
  • Product selection for the APs. Make sure you take plain access points; there is no need for routers or access points with heavy encryption. Simple ones will do (if you have any recommendations, please leave them in the comments).
  • Product selection for the switch. The switch should be quite good and should be gigabit. The reason is that you want to provide the maximum bandwidth to each access point (making them 802.11g, so 54 Mbit). If you have 6x 54 Mbit going to your switch, that is already over 300 Mbit/s, so it's wiser to just buy a gigabit switch. They don’t cost an arm and a leg anymore.
  • You need a server for OpenVPN. It has to have 2 gigabit Ethernet cards and should be reliable (read: RAID setup!); however, it does not have to be a monster in processor power or brand new. An entry-level Dell server will do just fine. Just make sure you install Linux on it (Fedora Core 6 for this tutorial).
    For this how-to we use the LAN network of 172.10.1.0/24, which the clients will access over the VPN.
  • You need to have 2 separate private IP networks for your setup. A class C (/24) range should be enough unless you want to provide access to more than just ~250 users at once. For this tutorial, the “public” IP range will be 10.1.1.0/24 and the VPN range will be 192.168.1.0/24, just to make it easier.
  • Name the APs according to where they are (e.g.: M2F3 = Meeting Room 2 Floor 3).
  • The OpenVPN server IP in the public network will be 10.1.1.2, whereas the LAN IP will be 172.10.1.45. It will also host the DHCP server and the DNS server for the “public” network.
  • Make sure you have the name of everyone who has a laptop that will need access to the LAN.
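
As an added example (not part of the original tutorial), the address plan in the list above can be checked mechanically before any hardware is configured. The `audit_plan` helper and the dictionary layout are assumptions of this example; the addresses are the ones given in the list.

```python
import ipaddress
from itertools import combinations

# Address plan from the tutorial text; the dict layout is an assumption of this example.
NETWORKS = {
    "public": "10.1.1.0/24",   # wireless side, DHCP/DNS served by the OpenVPN gateway
    "vpn": "192.168.1.0/24",   # range used for VPN clients
    "lan": "172.10.1.0/24",    # internal LAN reached over the VPN
}
HOSTS = {
    "gateway-public": ("10.1.1.2", "public"),
    "gateway-lan": ("172.10.1.45", "lan"),
}
# RFC 1918 private ranges; anything outside them is publicly assigned address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_plan(networks, hosts, min_clients=250):
    """Return a sorted list of findings; an empty list means the plan is consistent."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    findings = []
    # Overlapping ranges make routing between public, VPN and LAN sides ambiguous.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"overlap: {a} and {b}")
    # Every range is meant to be private, so each must sit inside an RFC 1918 block.
    for name, net in nets.items():
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append(f"not-rfc1918: {name} {net}")
    # Fixed server addresses must be usable host addresses of their network.
    for name, (addr, net_name) in hosts.items():
        ip, net = ipaddress.ip_address(addr), nets[net_name]
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            findings.append(f"bad-host: {name} {addr} not usable in {net}")
    # The VPN range has to hold the expected number of simultaneous clients.
    usable = nets["vpn"].num_addresses - 2
    if usable < min_clients:
        findings.append(f"capacity: vpn has {usable} usable addresses")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_plan(NETWORKS, HOSTS):
        print(finding)
```

Run against the tutorial's values, it reports one finding: 172.10.1.0/24 lies outside the RFC 1918 private block 172.16.0.0/12, so that LAN range is publicly assigned address space.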

Also, please create extensive documentation about the placement, the IPs and the management IPs of the APs, etc. This is crucial for administration later on. I have seen cases where everything was working very smoothly, but for some reason something on one AP needed to be changed and no one knew the management IP, much less the password for the AP. This can delay something that could have been solved quickly. An example of an IP and traffic map that might be necessary to understand everything is here:
[Figure: IP map]

Looking at pictures often helps you understand more than just plain text.
