Many of us would like to interconnect LANs over DSL links. Unfortunately, the difficulty of managing all the complexity of the solution (DSL, firewall, NAT, DNS, PKI, routing, ...) has stopped more than one of us.
We do not intend to replace the very valuable documentation available on the Net, but rather to guide you through a few practical use cases. The proposed solution uses OpenVPN, which runs on most operating systems available on the market and works over regular low-cost DSL or cable network connections.
Our study does not cover all the possible use cases, but it has the advantage of actually working between a few sites of fridu.org members located in different countries.
VPNs based on SSL (such as OpenVPN) can present, like any network topology, security weaknesses. At fridu.org we prefer a PKI structure in lieu of a shared secret. We assume that keys and certificates can be distributed in a reasonably safe manner. The proposed method has been optimised to limit the cost to zero euros while keeping security at a decent level.




The LAN interconnection use case covers the need of small-office remote users who need to be permanently connected to a main LAN. At fridu.org we think that remote offices must stay operational even if the DSL link is down. To achieve this independence, we propose an IP interconnection rather than the Ethernet bridge mode covered in the roaming user use case.
The roaming use case represents the need of a remote user who needs to connect to a main LAN in a transparent manner. Ideally, the remote and main LAN users will see no difference between roaming and locally connected users. The IP addressing plan will be the same, and non-IP protocols (e.g. printer and share discovery, Novell directory, ...) and IP multicast will work.
SSL versus IPsec is a common discussion topic.
OpenVPN is based on the Secure Sockets Layer (SSL), which sits on top of the IP stack. With OpenVPN you can select various authentication methods and encryption algorithms. It can also provide data stream compression.