[pptp-server] PPTP in Multi National Companies

Josh Howlett Josh.Howlett at bristol.ac.uk
Thu Jan 24 02:43:00 CST 2002


Ross,

I can't think of any way of doing this simply using networking voodoo.

One possibility would be to design a web-page on your corporate website
displaying the list of country VPN servers.  A user could select the
appropriate country, which would download a DUN file pre-configured for
that VPN server.  The user could then double-click on the DUN file, only
having to enter username and password.

You might also want to experiment using DNS round-robin for
load-balancing your VPN servers.  For example, say you have two VPN
servers (192.168.1.1 and 192.168.1.2) in Europe.  You map both those IP
addresses to the same hostname (europe-vpn.megacorp.com).  Hence, if the
VPN clients are configured to connect to "europe-vpn.megacorp.com", 50%
will actually connect to 192.168.1.1 and 50% will connect to
192.168.1.2.

Needless to say, I haven't tried either of these so your mileage may
vary :-/

josh.

On Wed, 23 Jan 2002, Hellings, Ross wrote:

> I work in a Multi National Company, and we have been deploying PPTP servers
> using the PoPoTp Server for some time now, running on Debian 'potato'
> machines for some time now, and we are very happy with its functionality.
> On a daily basis we have more than 10,000 people using our 10 servers
> running the PPTP Daemon.  We use a Solaris NIS+ server to deal with the
> chap-secrets file, so that any user on the Solaris chap-secrets file can log
> into any of our VPN servers, the reasoning being, 1. we don't want to
> manually update each server to add a new user, 2. I have this horrible thing
> with centralization, and I think things are much easier to manage this way.
> 
> What we do currently is, that we give each user a list of all the VPN
> servers, on a country basis, and they can then manually chose, which works
> fine.  But then there are all those idiots 'users' who do things like
> believe in proper grammar a IP address should end with another '.' when
> setting up the connection, result, it doesn't work.  What we want to do is
> essentially load balancing, what I envision is, we have one main, global
> PPTP server, someone tries to logon to it, the main PPTP server then re
> routes it to the closest available PPTP server, with the least lag, and then
> it logs on there instead, it should also be based on user load on the PPTP
> server.
> 
> Another problem I have noticed is that PPTP is reasonably slow, even if we
> PPTP in over the LAN in one country  , with 100MB/s network connectivity,
> then it will still take much longer to transfer a big file than normal, I
> found this out by trying to move a 1GB file, big mistake.  Is this due to
> the fact that the PPP daemon is designed for slow communications (e.g..
> Modems), or is there some way to speed this up.
> 
> What do the rest of you think about this kind of 'Load Balancing' idea, and
> what is the general consensus on centralization and PPTP?
> 
> Kind Regards, and thanks for you input.
> 
> Ross Hellings
> IS&T Manager,
> THK
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
> 

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------




More information about the pptp-server mailing list