Here's a question for the STH'ers.
Has anyone done a larger number of endpoints (e.g. 16 sites) and put everything onto one subnet?
We have been discussing making a LAN in the neighborhood/school for Minecraft and a Squid proxy for filtering content for the kids. It would be a way to ensure that the kids aren't just going next door to view questionable material since that household is less tech-savvy.
If each house has a pfSense machine or something that can run site-to-site VPN, is there any way that the "hub" pfSense instance can bridge a network for all the spokes? Let's say we have 10.199.199.1/24 as the network. Then give the devices for each of the kids an IP address on the 10.199.199.1/24 range so we know their devices are going to be on that network.
Is the OpenVPN config for site-to-site basically local/remote networks are both 10.199.199.1/24 then the tunnel network is something else like 10.0.1.1/24?
We were thinking that even colo'ing the hub nearby where one of the guys has some space and power might work for us. It also lets us turn off WAN access by stopping the VPN.
I wonder if pfSense can even do DHCP in this mode? Then we can get APs that we can put certain MAC addresses on their own VLANs/only the VPN network. That way the kids, who are all still young, will not have any idea how we are turning off their access because they think they are connecting to the normal network.