Hi

> I'm not sure how this achieves the objective - the AD DNS servers will
> now be available when the leased line is not, so my clients will
> continue to try to use the private IPs for my services when I want them
> to use the Internet-facing ones.

Sorry, my misunderstanding - I didn't realise this was what you were trying to achieve.

>> 2) Use OpenVPN or your favourite VPN software to tunnel into the head
>> office over the internet.
>
> This works but adds complexity and overhead to the network, potentially
> reducing performance and reliability. A DNS-based solution would be much
> simpler.

Understood, but also note that if you haven't tried OpenVPN then do give it a go! Its performance is superb and you are likely to be able to achieve 100mbit+ performance fairly easily (reports suggest it maxes out at some few hundred mbit mainly due to the kernel performance of tun/tap devices, rather than OpenVPN limiting you).

Obviously if you are in Windows world mainly then other VPN options may be preferable, but I personally find that whilst the setup looks daunting on most of them, until you actually try... After that the setup looks fairly straightforward and quite a few implementations can use certificates, private keys, LDAP, etc, for authentication.

Using a VPN solves a bunch of problems that you haven't yet worried about such as eavesdropping, forced routing and the like? Simple is often best though!

Good luck!

Ed W