[plug] Working from home - VPN routers

Kevin Shackleton krshackleton at gmail.com
Sat Apr 25 18:11:00 AWST 2020


Well, I have Fossa, but no tap0 interface :-(

Time to move to Plan B - softether.

Kevin.

On Tue, 14 Apr 2020 at 11:43, Kevin Shackleton <krshackleton at gmail.com>
wrote:

> Thanks Ian, looks like a project to work on.  Maybe the new Ubuntu LTS
> will *just work* though it's a couple of months away.  Cheers, Kevin.
>
> On Sun, 12 Apr 2020 at 16:41, Ian Kent <raven at themaw.net> wrote:
>
>> On Sun, 2020-04-12 at 10:46 +0800, Kevin Shackleton wrote:
>> >
>> > The guys wanted a TAP VPN (which, CMIIW, I understand as a bridging VPN
>> > whereas a TUN is a routing VPN).  I'll try changing the config to a
>> > TUN and see if my problems disappear ...
>>
>> Mmm ... looks like using a tap device will pass Windows broadcasts
>> through.
>>
>> So, good for Windows, but needs scripting on Linux to be able to
>> use it.
>>
>> Maybe setting a WINS server and "pushing" that to the clients with
>> a "dhcp-options" directive will be enough, not sure. Or setting the
>> remote machine names in a local DNS and setting the vpn server to push
>> the dns server would work, but I think there'll be no network
>> neighbourhood visibility.
>>
>> Or use two vpn servers, one tap for windows clients and one tun for
>> Linux clients (and add the names to a local hosts file). Still, being
>> a bridge I think tap clients will send everything over the vpn tunnel
>> which might not be what you want and probably isn't the best thing to
>> do.
>>
>> You could have a look at (looks pretty comprehensive):
>> https://openvpn.net/community-resources/ethernet-bridging/
>>
>> And
>> /usr/share/doc/openvpn/sample/sample-scripts/bridge-start
>> /usr/share/doc/openvpn/sample/sample-scripts/bridge-stop
>>
>> described in the above page, used with the up and down ovpn
>> configuration directives.
>>
>> You may well need some iptables setup too ... beware that the down
>> script might be run in vpn user context (if you used user/group vpn
>> options) so you may need to use the openvpn-plugin-down-root.so
>> openvpn plugin to execute it.
>>
>> TBH I haven't needed to worry about this stuff, up and down scripts
>> and user/group configuration is already done for me in the work
>> configurations and vpn provider configurations assume the vpn will
>> be used for everything and most block incoming traffic so I just
>> use a minimal container or secured VM for vpn setups that do allow
>> incoming connections (like for torrent client seeding).
>>
>> Ian
>>
>>
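
Added example, not part of the original thread or of OpenVPN itself: a small config check for the point Ian raises about the down script running after privileges are dropped by user/group. The sample config, all paths and the `audit` helper are constructed for illustration; the plugin line format (`plugin <path-to-openvpn-plugin-down-root.so> "<script>"`) is assumed to be how the script is handed to the down-root plugin.

```python
import shlex

# Constructed sample config (not from the thread); all paths are placeholders.
SAMPLE_CONFIG = """\
dev tap0
user nobody
group nogroup
script-security 2
up /etc/openvpn/bridge-start
down /etc/openvpn/bridge-stop
"""

def parse_directives(text):
    """Return [(directive, [args...])] from OpenVPN config text."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # both comment styles
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            found.append((parts[0], parts[1:]))
    return found

def audit(text):
    """Hypothetical helper: flag a 'down' script that runs after a privilege drop."""
    d = parse_directives(text)

    def first(name):
        return next((args for n, args in d if n == name), None)

    dev = first("dev")
    dropped = first("user") is not None or first("group") is not None
    # Script handed to the down-root plugin, which keeps root for teardown.
    down_root = [a[1] for n, a in d
                 if n == "plugin" and len(a) > 1 and "down-root" in a[0]]
    return {
        "mode": dev[0][:3] if dev else "unknown",   # "tap" (bridged) or "tun" (routed)
        "down_unprivileged": first("down") is not None and dropped,
        "down_root_script": down_root[0] if down_root else None,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A config flagged with `down_unprivileged` is one where bridge teardown (removing the bridge, iptables rules) is likely to fail for lack of root; moving the script to the down-root plugin line clears the flag.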