VPN and Net storage . . .

I posted this question to comp.os.ms-windows.networking.misc, but that
NG seems sleepy. Since it is at lease 1/2 on topic, I thought I'd try
here.

Two basic parts of the question.

First topic is just basic to how a VPN would work. I get the idea on a
client server network, but the nets in this question are peer networks.

If I have a VPN router in my office, and an identical one at home, allow
them to open a tunnel, and both networks have the same windows workgroup
name, does it just look like one big workgroup? In other words, sitting
at my desk I'd be able to see all the computers, printers etc on the
home network from the office and vice versa? I assume that's how it
should work, but would like to confirm before I spend the money because
the real reason to do it is the second topic below.

Also, if setting up this sort of VPN, anyone know of pointers I should
look for? Potential problems? The office router is already in place and
is a LinkSys BEFSX41. The office network is DSL with a static IP, the
home is Comcast and I understand it is a "persistent" IP. My assumption
is that the home router should initiate the connection each time since
it's address could potentially "move."

Second topic: My plan was to use the VPN for offsite backups of office
data. It's not something I'm doing now and need to. If the VPN works
as I think it should, I will get a Network Attached Storage (Like a
Netgear SC101). Due to bandwidth limitations, I would first configure
it plugged directly into the office network and do the complete backups
needed. Then I would take it home, put it in it's "permanent" location
and set everyone up for incremental backups only. Since the NAS is
easily portable, It could be transported back and forth if needed for
another full backup.

Anyone have any experience with this? Any problem areas I should look
for? All thoughts appreciated.

John

On 7/29/2006 1:48 AM, Jim Watt wrote:
> On Fri, 28 Jul 2006 17:32:33 -0700, John Hyde <EJhyd@netscape.net>
> wrote:
>
> Not really a security question at all.
>
>> If I have a VPN router in my office, and an identical one at home, allow
>> them to open a tunnel, and both networks have the same windows workgroup
>> name, does it just look like one big workgroup?
>
> Yes and no.
>
> You will be able to connect to devices by their IP but not necessarily
> to 'see' them by name.

I Assume that means the private IP address? Do both networks need to be
using the same subnet? Right now the office maps addresses as
192.168.168.x while home is 192.168.0.x It's easy enough to change
(Especially since all but one of the home addresses are DHCP assigned)

It helps is you install a WINS server to map
> the names to the IP, That can run on an existing server.

Yeah, but there is no "Server" Just a bunch of XP boxes operating as peers.

If everyone is on the same subnet, but for example, the office is
assigned x.x.x.2 to x.x.x.50 and the home is x.x.x.51 to x.x.x.100,
could an XP box on the office "map a network drive" at say x.x.x.55?

(I envision the "Assignments" to be by making sure the static IPs are in
the correct range and limitations on the the DHCP server in the routers.
Subnet mask for both to be 255.255.255.0)

>
>> Also, if setting up this sort of VPN, anyone know of pointers I should
>> look for? Potential problems? The office router is already in place and
>> is a LinkSys BEFSX41. The office network is DSL with a static IP, the
>> home is Comcast and I understand it is a "persistent" IP. My assumption
>> is that the home router should initiate the connection each time since
>> it's address could potentially "move."
>
> Its important for both, you could investigate using a dynamic IP
> service to map a name to your router.

I thought of that, but can't the router with the static IP just wait to
be contacted by the router that can correctly I.D. itself and the home
router automatically contact if there is a disconnect? I thought I had
to assign one to initiate the contact and the other to listen. I suppose
I get additional security if the "listener" will only accept a
connection attempt from the correct domain. But is there more than that?

>
>> Second topic: My plan was to use the VPN for offsite backups of office
>> data.
>
> Yes, but It depends on the volume of data that needs to be backed
> up on a daily basis, and the speed of your connection.

Well, speed is definitly the issue, I'm still investigating how fast the
office net's upload speed is. But the daily increments would be in the
10 < x < 100 mb range. Definitly not on the GB range.

>
> Apart from speed there is no difference to doing a backup over the
> office network In my case walking home with a DVD is several orders
> of magnitude higher than any electronic transfer

Right, sneekernet is the current system. The big problem is getting it
done given the routine craziness at the office.
>
> --
> Jim Watt
> http://www.gibnet.com