[plug] Working from home - VPN routers

Ian Kent raven at themaw.net
Tue Apr 14 15:00:23 AWST 2020


On Tue, 2020-04-14 at 11:43 +0800, Kevin Shackleton wrote:
> Thanks Ian, looks like a project to work on.  Maybe the new Ubuntu
> LTS will *just work* though it's a couple of months away.  Cheers,
> Kevin.

Indeed, yes.

As much as I like playing around with this stuff I've pretty
much got my hands full with sysfs improvements for large memory
systems, ;)

Ian
> 
> On Sun, 12 Apr 2020 at 16:41, Ian Kent <raven at themaw.net> wrote:
> > On Sun, 2020-04-12 at 10:46 +0800, Kevin Shackleton wrote:
> > > 
> > > The guys wanted a TAP VPN (which CMIIW I understand as a bridging VPN
> > > whereas a TUN is a routing VPN).  I'll try changing the config to a
> > > TUN and see if my problems disappear . .
> > 
> > Mmm ... looks like using a tap device will pass Windows broadcasts
> > through.
> > 
> > So, good for Windows, but needs scripting on Linux to be able to
> > use it.
> > 
> > Maybe setting a WINS server and "pushing" that to the clients with
> > a "dhcp-options" directive will be enough, not sure. Or set the
> > remote machine names in a local DNS and set the vpn server to push
> > the dns server would work, but I think there'll be no network
> > neighbourhood visibility.
> > 
> > Or use two vpn servers, one tap for windows clients and one tun for
> > Linux clients (and add the names to a local hosts file). Still, being
> > a bridge I think tap clients will send everything over the vpn tunnel
> > which might not be what you want and probably isn't the best thing to
> > do.
> > 
> > You could have a look at (looks pretty comprehensive):
> > https://openvpn.net/community-resources/ethernet-bridging/
> > 
> > And
> > /usr/share/doc/openvpn/sample/sample-scripts/bridge-start
> > /usr/share/doc/openvpn/sample/sample-scripts/bridge-stop
> > 
> > described in the above page, used with the up and down ovpn
> > configuration directives.
> > 
> > You may well need some iptables setup too ... beware that the down
> > script might be run in vpn user context (if you used user/group vpn
> > options) so you may need to use the openvpn-plugin-down-root.so
> > openvpn plugin to execute it.
> > 
> > TBH I haven't needed to worry about this stuff, up and down scripts
> > and user/group configuration is already done for me in the work
> > configurations and vpn provider configurations assume the vpn will
> > be used for everything and most block incoming traffic so I just
> > use a minimal container or secured VM for vpn setups that do allow
> > incoming connections (like for torrent client seeding).
> > 
> > Ian
> > 
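
The privilege caveat in the quoted message above (a down script ending up in the unprivileged vpn user's context), shown as a server configuration sketch. This is an added example, not part of the thread or of anyone's actual configuration; the script names and the plugin path are assumptions and differ between distributions.

```conf
# Added example: tap (bridged) server fragment with privilege drop.
# Script names and the plugin path below are hypothetical placeholders.

dev tap0

# OpenVPN refuses to run user-defined scripts unless this is 2 or higher.
script-security 2

# "up" runs after the tap device is opened and BEFORE the UID/GID change,
# so it still executes as root.
up /etc/openvpn/tap-up.sh

# Drop privileges once initialisation is done.
user nobody
group nogroup

# Keep the device and key material across restarts, since the
# unprivileged process could not reopen them.
persist-tun
persist-key

# A plain "down" script would run AFTER the UID change, as nobody, and
# could not undo bridge or iptables changes. The down-root plugin forks
# a helper while OpenVPN is still root and runs the command at shutdown.
plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/tap-down.sh"
```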


