[plug] Working from home - VPN routers

Kevin Shackleton krshackleton at gmail.com
Tue Apr 14 11:41:29 AWST 2020


Looks neat, thanks Damon.

On Tue, 14 Apr 2020 at 10:49, Damon Perry <talk at damonperry.id.au> wrote:

> I'm a bit late on this but I thought I'd give my two cents.
>
> SoftEther has saved my bacon quite a few times when I've been asked to
> set up a VPN quickly.
> Auto traverses NAT, can act as an SSL VPN over 443, is a connector for
> other VPN services and comes with a ddns style proxy so no forwarding ports.
> You can install the server on whatever then attach your control panel gui
> to the server.
> It's easy and there is definitely a dirty feeling from it all just
> automagically working but it has worked well whenever I've had to take down
> my main OpenVPN network or some smartass hotel blocks everything except 443.
>
> https://www.softether.org/
>
> --
>   Damon Perry
>   talk at damonperry.id.au
>
> On Sun, 12 Apr 2020, at 16:41, Ian Kent wrote:
> > On Sun, 2020-04-12 at 10:46 +0800, Kevin Shackleton wrote:
> > >
> > > The guys wanted a TAP VPN (which CMIIW I understand as a bridging VPN
> > > whereas a TUN is a routing VPN).  I'll try changing the config to a
> > > TUN and see if my problems disappear...
> >
> > Mmm ... looks like using a tap device will pass Windows broadcasts
> > through.
> >
> > So, good for Windows, but needs scripting on Linux to be able to
> > use it.
> >
> > Maybe setting a WINS server and "pushing" that to the clients with
> > a "dhcp-options" directive will be enough, not sure. Or set the
> > remote machine names in a local DNS and set the vpn server to push
> > the dns server would work, but I think there'll be no network
> > neighbourhood visibility.
> >
> > Or use two vpn servers, one tap for windows clients and one tun for
> > Linux clients (and add the names to a local hosts file). Still, being
> > a bridge I think tap clients will send everything over the vpn tunnel
> > which might not be what you want and probably isn't the best thing to
> > do.
> >
> > You could have a look at (looks pretty comprehensive):
> > https://openvpn.net/community-resources/ethernet-bridging/
> >
> > And
> > /usr/share/doc/openvpn/sample/sample-scripts/bridge-start
> > /usr/share/doc/openvpn/sample/sample-scripts/bridge-stop
> >
> > described in the above page, used with the up and down ovpn
> > configuration directives.
> >
> > You may well need some iptables setup too ... beware that the down
> > script might be run in vpn user context (if you used user/group vpn
> > options) so you may need to use the openvpn-plugin-down-root.so
> > openvpn plugin to execute it.
> >
> > TBH I haven't needed to worry about this stuff, up and down scripts
> > and user/group configuration is already done for me in the work
> > configurations and vpn provider configurations assume the vpn will
> > be used for everything and most block incoming traffic so I just
> > use a minimal container or secured VM for vpn setups that do allow
> > incoming connections (like for torrent client seeding).
> >
> > Ian
> >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://lists.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.org.au
> > PLUG Membership: http://www.plug.org.au/membership
> >
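
Added example (not part of any post in this thread, and not OpenVPN project code): a small lint for the points raised in the quoted messages, flagging a tap (bridged) device and a "down" script that will run after the user/group privilege drop without the down-root plugin. The sample configs are constructed, the plugin and /etc/openvpn paths are placeholders, and the script-security check comes from OpenVPN's documented behaviour rather than from the thread.

```python
import shlex

# Constructed sample: bridged (tap) server that drops privileges and uses a
# plain "down" script. Script paths are the ones quoted in the thread.
SAMPLE_TAP = """\
dev tap0
user nobody
group nogroup
script-security 2
up /usr/share/doc/openvpn/sample/sample-scripts/bridge-start
down /usr/share/doc/openvpn/sample/sample-scripts/bridge-stop
"""

# Constructed sample: routed (tun) server; teardown goes through down-root.
# The plugin and script paths are placeholders and vary by distribution.
SAMPLE_TUN = """\
dev tun
user nobody
group nogroup
plugin /path/to/openvpn-plugin-down-root.so "/etc/openvpn/down.sh"
"""

def parse(text):
    """Split a config into directives (token lists), skipping # and ; comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                out.append(tokens)
    return out

def lint(text):
    """Return sorted finding codes for one OpenVPN config."""
    d = parse(text)
    names = {t[0] for t in d}
    arg = lambda name: [t[1] for t in d if t[0] == name and len(t) > 1]
    found = set()
    if any(a.startswith("tap") for a in arg("dev")):
        found.add("TAP_BRIDGE")          # layer-2 bridge: broadcasts cross the tunnel
    down_root = any("down-root" in a for a in arg("plugin"))
    if "down" in names and names & {"user", "group"} and not down_root:
        found.add("DOWN_UNPRIVILEGED")   # down script runs after the privilege drop
    if names & {"up", "down"} and not set(arg("script-security")) & {"2", "3"}:
        found.add("SCRIPTS_DISABLED")    # user scripts need script-security >= 2
    return sorted(found)
```
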

