Hey everyone,


First off, I'd like to say thanks to everyone in #linux-noob on EFnet for helping with my day-to-day Linux admin questions. znx has helped me a few times with some (I'd call nasty) shell scripting.


I work for a company that has 150+ staff spread out around the city in about 12 locations. Each location has 1-3 Windows XP Pro workstations.


These 12 locations are set up with the same network topologies, all have broadband connections (2 cable, the rest ADSL) and all are behind a D-Link router.


My co-worker and I are finding administration to be a bit of a pain now, as desktop configurations are not standardized and it's getting harder to maintain patching and anti-virus updates, not to mention that staff share a public account on each machine they use (just not secure anymore as staff turnover is high). So I have been given the OK to set up a VPN and a PDC.


The VPN setup was a breeze with IPCOP and I found an excellent guide on howtoforge for setting up a PDC.


My problem is that we only have a 1MB upstream at our office and Windows XP profiles are about 2-3MB in size.


I think roaming profiles are out of the question, as downloading and then uploading the profile on logoff would make things slow for the user. Mandatory profiles seem like a better way to go, as the profile never gets updated when the user logs off, but it still requires a download of the profile. I was looking for something more suited to my situation that would use the least amount of traffic and I came back to local profiles :S.


Is it possible for me to load a mandatory profile on all our machines, set up the machines to auth against our DC but load the mandatory profile from the local machine?


I'm also asking for any TIPS or TRICKS or what not.



I am not an expert with Windows networking, but I would say child domains for the remote locations would be a good choice. If this isn't an option due to budget constraints, I would say that you should upgrade your connection if you are going to host the PDC remotely. If this isn't an option, perhaps there is some sort of compression that you could use on the VPN link to help with the load. OpenVPN has good real-time compression support.



Sorry for the shameless plug, but I would recommend using pfSense for your firewall rather than IPCop. pfSense has much, much more power than IPCop. www.pfsense.com check it out!

