Hi all,
I need a suggestion or just to know if it's even possible to achieve the
following.
There is a "central" vpn server which is my main network.
I have a few other gateways (customers) which should connect to this
central server (there's a firewall on this machine too) which have
behind the customer network.
Then I have a few single servers which still connect to my centralized
VPN, with no network behind.
And then I have some road-warriors which connect mainly with the central
VPN, but could also connect to other's gateways as well if necessary.
Communication should go through direct link if possible.
What I want to achieve is:
1. road-warriors should be able to access all the VPN connected
hosts/networks.
2. Central network should be able to access all VPN connected
hosts/networks
3. Gateways/hosts/networks outside this should not see each other.
Basically I'd like to decide who sees who in the VPN.
Mainly the requirement is on the networks, the single hosts/gateways are
mainly in my control, so there should not be any security issue there.
At the beginning I though that not telling (copying remote hosts
information) on the hosts would limit their access to that network, but
that's not the case (routings are given to all hosts in the VPN).
Also the firewall is a no go, as it filters only traffic which passes
from the "central" server. And would like to avoid to make all traffic
go though this server.
What I'd like to achieve is to activate a VPN on the road-warriors and
be able to work as I was in the central network (but avoid traffic to go
through the central network).
I know I could probably setup multiple VPNs and configure each host to
access the ones it wants, but then road-warriors would either have to
activate each VPN or activate only the "central" one which would make
all traffic pass by this node.
Let me know if it's not clear enough.
Thank you.
Alessandro