[plug] Working from home - VPN routers

Ian Kent raven at themaw.net
Sun Apr 12 16:41:03 AWST 2020


On Sun, 2020-04-12 at 10:46 +0800, Kevin Shackleton wrote:
> 
> The guys wanted a TAP VPN (which CMIIW I understand as a bridging VPN
> whereas a TUN is a routing VPN).  I'll try changing the config to a
> TUN and see if my problems disappear ...

Mmm ... looks like using a tap device will pass Windows broadcasts
through.

So, good for Windows, but needs scripting on Linux to be able to
use it.

Maybe setting a WINS server and "pushing" that to the clients with
a "dhcp-options" directive will be enough, not sure. Or setting the
remote machine names in a local DNS and setting the vpn server to push
the dns server would work, but I think there'll be no network
neighbourhood visibility.

Or use two vpn servers, one tap for windows clients and one tun for
Linux clients (and add the names to a local hosts file). Still, being
a bridge I think tap clients will send everything over the vpn tunnel
which might not be what you want and probably isn't the best thing to
do.

You could have a look at (looks pretty comprehensive):
https://openvpn.net/community-resources/ethernet-bridging/

And
/usr/share/doc/openvpn/sample/sample-scripts/bridge-start
/usr/share/doc/openvpn/sample/sample-scripts/bridge-stop

described in the above page, used with the up and down ovpn
configuration directives.

You may well need some iptables setup too ... beware that the down
script might be run in vpn user context (if you used user/group vpn
options) so you may need to use the openvpn-plugin-down-root.so
openvpn plugin to execute it.

TBH I haven't needed to worry about this stuff; up and down scripts
and user/group configuration are already done for me in the work
configurations, and vpn provider configurations assume the vpn will
be used for everything and most block incoming traffic, so I just
use a minimal container or secured VM for vpn setups that do allow
incoming connections (like for torrent client seeding).

Ian
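
The privilege-drop caveat above, as an added example that is not part of the original message: a bridged (tap) OpenVPN server fragment where the teardown script still runs as root after the daemon has dropped privileges. The script paths, addresses, the unprivileged account and the plugin location are assumptions (the plugin directory differs between distributions).

```conf
# Added example server fragment (not from the original thread).
# All paths and addresses below are constructed placeholders.

dev tap0                      # tap = layer-2 bridging, passes broadcasts

# gateway, netmask, then the address pool handed to bridged clients
server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254

# Name resolution pushed to clients (the WINS/DNS idea from the message)
push "dhcp-option DNS 192.168.8.4"
push "dhcp-option WINS 192.168.8.4"

# Allow OpenVPN to call user-defined scripts, but nothing beyond that
script-security 2

# The up script runs after the tap device is opened and BEFORE the
# user/group change below, so it still has root.
# Hypothetical script: adds tap0 to the bridge.
up /etc/openvpn/bridge-up.sh

# Drop privileges once initialisation is finished
user nobody
group nogroup
persist-key
persist-tun

# A plain "down /etc/openvpn/bridge-down.sh" would run as nobody here
# and fail to change the bridge. The down-root plugin keeps a small
# root helper alive from before the privilege drop and runs the
# command from it instead. Do not also set a "down" directive.
# Hypothetical script: removes tap0 from the bridge.
plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/bridge-down.sh"
```

Keep both scripts owned by root and not writable by the unprivileged account, since the plugin executes the down script with root privileges.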


