[plug] Working from home - VPN routers

Kevin Shackleton krshackleton at gmail.com
Tue Apr 14 11:43:14 AWST 2020


Thanks Ian, looks like a project to work on.  Maybe the new Ubuntu LTS will
*just work* though it's a couple of months away.  Cheers, Kevin.

On Sun, 12 Apr 2020 at 16:41, Ian Kent <raven at themaw.net> wrote:

> On Sun, 2020-04-12 at 10:46 +0800, Kevin Shackleton wrote:
> >
> > The guys wanted a TAP VPN (which CMIIW I understand as a bridging VPN
> > whereas a TUN is a routing VPN).  I'll try changing the config to a
> > TUN and see if my problems disappear . .
>
> Mmm ... looks like using a tap device will pass Windows broadcasts
> through.
>
> So, good for Windows, but needs scripting on Linux to be able to
> use it.
>
> Maybe setting a WINS server and "pushing" that to the clients with
> a "dhcp-options" directive will be enough, not sure. Or set the
> remote machine names in a local DNS and set the vpn server to push
> the dns server would work, but I think there'll be no network
> neighbourhood visibility.
>
> Or use two vpn servers, one tap for windows clients and one tun for
> Linux clients (and add the names to a local hosts file). Still, being
> a bridge I think tap clients will send everything over the vpn tunnel
> which might not be what you want and probably isn't the best thing to
> do.
>
> You could have a look at (looks pretty comprehensive):
> https://openvpn.net/community-resources/ethernet-bridging/
>
> And
> /usr/share/doc/openvpn/sample/sample-scripts/bridge-start
> /usr/share/doc/openvpn/sample/sample-scripts/bridge-stop
>
> described in the above page, used with the up and down ovpn
> configuration directives.
>
> You may well need some iptables setup too ... beware that the down
> script might be run in vpn user context (if you used user/group vpn
> options) so you may need to use the openvpn-plugin-down-root.so
> openvpn plugin to execute it.
>
> TBH I haven't needed to worry about this stuff, up and down scripts
> and user/group configuration is already done for me in the work
> configurations and vpn provider configurations assume the vpn will
> be used for everything and most block incoming traffic so I just
> use a minimal container or secured VM for vpn setups that do allow
> incoming connections (like for torrent client seeding).
>
> Ian
>
>
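Added example, not part of the original messages and not OpenVPN's own tooling: a small check for the two caveats raised in the quoted reply above, namely that a tap device bridges broadcasts through the tunnel and that a down script runs unprivileged once user/group are set unless the down-root plugin is loaded. The sample config, its paths and addresses, and the names parse_directives and audit_openvpn_config are constructed for illustration.

```python
import shlex

# Constructed sample server config; paths and addresses are illustrative.
SAMPLE_CONFIG = """\
# bridged server for the Windows clients
dev tap0
server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254
script-security 2
up /etc/openvpn/bridge-start
down /etc/openvpn/bridge-stop
user nobody
group nogroup
"""

def parse_directives(text):
    """Return [(directive, [args...])], skipping blank and comment lines."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            out.append((tokens[0], tokens[1:]))
    return out

def audit_openvpn_config(text):
    """Report the device mode and the two caveats raised in the thread."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    first = lambda key: next((a[0] for n, a in directives if n == key and a), "")
    dev = first("dev-type") or first("dev")
    mode = "tap" if dev.startswith("tap") else "tun" if dev.startswith("tun") else "unknown"
    drops_privs = bool(names & {"user", "group"})
    down_root = any(n == "plugin" and a and "down-root" in a[0] for n, a in directives)
    findings = []
    if mode == "tap":
        # Layer-2 bridge: broadcasts are passed through the tunnel.
        findings.append("tap-bridge")
    if "down" in names and drops_privs and not down_root:
        # OpenVPN runs the down script after the user/group switch, so it
        # can no longer remove the bridge or firewall rules.
        findings.append("down-unprivileged")
    return {"mode": mode, "findings": findings}

if __name__ == "__main__":
    print(audit_openvpn_config(SAMPLE_CONFIG))
```
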