• OpenVPN

    From Spectre@21:3/101 to Nobody on Saturday, July 11, 2020 01:25:00
    Has anyone played with OpenVPN? I was looking at it with a view to 1 remote client being able to appear local on my network. It installed alright, and I have the certificates and keys in place. But I appear to have a routing issue.

    So long as the "tun" interface is up all IP traffic grinds to a halt. I've no idea how it configured itself but I'd guess it's stolen the default route although the routing table doesn't quite look like that. Perhaps I need to give it different address space to the local network? Not sure...

    I'm using 192.168.1.0/24 locally. The tun presently appears in that same address space oddly as 1 which is not a good thing, that is actually the gateway's IP address. So what I need is to route a single local address out the VPN device.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From alterego@21:2/116 to Spectre on Saturday, July 11, 2020 09:36:13
    Re: OpenVPN
    By: Spectre to Nobody on Sat Jul 11 2020 01:25 am

    Has anyone played with OpenVPN? I was looking at it with a view to 1

    Yup, use it all the time - but I use it with opnsense (which is a fork of pfsense).

    Have you also considered zerotier? It's a little simpler to use, you just install a daemon, it'll set up the interface and then you "join" a network (that you can create at zerotier.com, and then authorise systems as they request to join).

    I use zerotier with some FTN networks, and all the systems appear on a predictable IPv6 address (you can use IPv4 as well) - so even if they are dynamic, on the zerotier network they are static.


    ... Omens are there to be broken.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Vk3jed@21:1/109 to Spectre on Saturday, July 11, 2020 20:39:00
    On 07-11-20 01:25, Spectre wrote to Nobody <=-

    Has anyone played with OpenVPN? I was looking at it with a view to 1 remote client being able to appear local on my network. It installed alright, and I have the certificates and keys in place. But I appear
    to have a routing issue.

    Yes, I've used it in a number of setups. :)

    So long as the "tun" interface is up all IP traffic grinds to a halt.
    I've no idea how it configured itself but I'd guess it's stolen the
    default route although the routing table doesn't quite look like that. Perhaps I need to give it different address space to the local network? Not sure...

    Yes, assign an IP from a different network to the host network, otherwise you'll need to use a TAP device. Or it may be possible to use proxy ARP. It's been many years since I did a "road warrior" setup, but I used to manage some before 2003. OpenVPN was our tool of choice.

    I'm using 192.168.1.0/24 locally. The tun presently appears in that
    same address space oddly as 1 which is not a good thing, that is
    actually the gateway's IP address. So what I need is to route a single local address out the VPN device.

    What OS?


    ... Buckle up; it makes it harder for the aliens to suck you out of the car.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Vk3jed@21:1/109 to alterego on Saturday, July 11, 2020 20:42:00
    On 07-11-20 09:36, alterego wrote to Spectre <=-

    Have you also considered zerotier? It's a little simpler to use, you
    just install a daemon, it'll set up the interface and then you "join" a network (that you can create at zerotier.com, and then authorise system
    as they request to join).

    Yeah I'm a convert to ZeroTier myself. :)

    I use zerotier with some FTN networks, and all the systems appear on a predictable IPv6 address (you can use IPv4 as well) - so even if they
    are dynamic, on the zerotier network they are static.

    Also good for bridging across NAT routers and the link. ZT has allowed me to make inbound connections from my VPSs to inside the LAN.


    ... Beliefs are extremely powerful. Make sure you question yours often.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From Spectre@21:3/101 to alterego on Sunday, July 12, 2020 00:17:00
    Has anyone played with OpenVPN? I was looking at it with

    Yup, use it all the time - but I use it with opnsense (which is a

    Ok, so is the tun interface part of the same address space? Or either a subnet or alternate address space?

    Have you also considered zerotier? It's a little simpler to use, you

    Ahh no, the other end is a Mac user, it's pretty point and shoot in the vpn dept. So it was a KISS kind of answer to a question.

    Thinking about it... he's using 192.168.0.x while I'm sitting on 192.168.1.x so one could just route a gateway over the VPN, but I have no idea how to achieve that with what I've seen so far..

    Spec


    --- SuperBBS v1.17-3 (Eval)
    * Origin: (21:3/101)
  • From Spectre@21:3/101 to Vk3jed on Sunday, July 12, 2020 00:27:00
    Yes, assign an IP from a different network to the host network,
    otherwise you'll need to use a TAP device. Or it may be possible

    Makes sense, probably assign a 10.x just to keep it well out of head space confusion for myself :) I have a bit of trouble bending my head around how it actually works though. I tend to over think it, and then confuse myself.

    Spec

    PS: Buntu, so *nix...


    --- SuperBBS v1.17-3 (Eval)
    * Origin: (21:3/101)
  • From alterego@21:2/116 to Spectre on Sunday, July 12, 2020 08:38:28
    Re: OpenVPN
    By: Spectre to alterego on Sun Jul 12 2020 12:17 am

    Ok, so is the tun interface part of the same address space? Or either a subnet or alternate address space?

    Thinking about it... he's using 192.168.0.x while I'm sitting on 192.168.1.x so one could just route a gateway over the VPN, but I have no idea how to achieve that with what I've seen so far..

    So OpenVPN is a new network, and if you want to talk to devices beyond the network, you'll need route statements.

    OpenVPN can set that up for you as well - as the "server", you basically tell the clients what the link network is and what you'll route through the link.

    So for me, my systems are on a 10.x.x.x address, the OpenVPN link is 10.1.3.224/248, and my server advertises the 10.1.x.x/16 to the client so that it can route to any 10.1.x.x/16 address.

    With zerotier it's a bit simpler, each system joins a virtual ethernet, so no routing needed (or you can have 1 system route as well like openvpn does).


    ... Nursing Law: All the IV trees are at the other end of the hall.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
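
The routed setup discussed in the posts above (the tunnel on its own network, with the server telling the client which routes go through the link), as an added example that is not from any poster in this thread. The tunnel subnet 10.8.0.0/24, the single-host address and the certificate file names are assumptions; 192.168.1.0/24 and 192.168.0.x are the networks named in the thread.

```conf
# Added example: OpenVPN server config for a routed "tun" setup.
# Assumptions: tunnel subnet 10.8.0.0/24 and the file names below are
# placeholders; 192.168.1.0/24 is the server-side LAN from the thread.

port 1194
proto udp
dev tun
topology subnet

# Certificates and keys (placeholder file names)
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# The tunnel gets its own network. It must not overlap the server LAN
# (192.168.1.0/24) or the client's home network (192.168.0.x).
# A tun address inside 192.168.1.0/24 duplicates addresses already in
# use there, such as the gateway's.
server 10.8.0.0 255.255.255.0

# Advertise only what the client should reach. Whole LAN:
push "route 192.168.1.0 255.255.255.0"
# Or a single host instead (constructed address):
;push "route 192.168.1.50 255.255.255.255"

# Deliberately not pushed: "redirect-gateway", which would send all
# of the client's traffic through the tunnel.

keepalive 10 120
persist-key
persist-tun
```

If the OpenVPN host is not the LAN's default gateway, it needs IP forwarding enabled (`net.ipv4.ip_forward=1` on Linux), and the gateway needs a route for 10.8.0.0/24 pointing at the OpenVPN host (or the OpenVPN host must NAT) so that replies reach the client.
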
  • From alterego@21:2/116 to Spectre on Sunday, July 12, 2020 09:25:53
    Re: OpenVPN
    By: Spectre to alterego on Sun Jul 12 2020 12:17 am

    Have you also considered zerotier? It's a little simpler to use, you
    Ahh no, the other end is a Mac user, it's pretty point and shoot in the vpn dept. So it was a KISS kind of answer to a question.

    If you want KISS, I think zerotier is way easier than OpenVPN, tunnelblick, etc.

    For the MAC user, they'll install zerotier, and request to join a network (that you tell them to).

    For you, you'll install zerotier and request to join the same network (that you configure in zerotier.com).

    (A more advanced setup is running your own controller, but for now I'd use zerotier.com for KISS).

    Done, you can talk to each other.


    ... It would be illogical to kill without reason. Spock, stardate 3842.4.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Vk3jed@21:1/109 to Spectre on Sunday, July 12, 2020 21:06:00
    On 07-12-20 00:27, Spectre wrote to Vk3jed <=-

    Yes, assign an IP from a different network to the host network,
    otherwise you'll need to use a TAP device. Or it may be possible

    Makes sense, probably assign a 10.x just to keep it well out of head
    space confusion for myself :) I have a bit of trouble bending my head around how it actually works though. I tend to over think it, and then confuse myself.

    Haha OK, :) options to play with. ;)

    Spec

    PS: Buntu, so *nix...

    Cool, that at least rules out screwy Windows issues. ;)


    ... Does fuzzy logic tickle?
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)