Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
to my knowledge bridged vpns will allow a single network to span two seperate locations. you have a bunch of machines in multiple locations all living on 192.168.1.0/24 for example. in a routed vpn you would have a different network on each site and add a route to your network to point the remote site down the tunnel explicitly. generally i'd strongly suggest the simpler architectuure of the routed approach each time. once you have the vpn configured you can access any computer from anywhere else in your private address space.
A few things about routed vs. bridged.
Each should be used in its own situation. Routed is useful for security because it keeps networks apart. Even in a physical scenario, you would want to keep a DMZ separated from the workstations. Bridging is useful when literally want a `virtual' network (i.e., the machines work exactly as if they are just plugged into the same hub/switch).
As for the interfaces question, usually a tunnel device is created (tun0 or similar) specifically for the VPN.
If your cable company has you on a private address, it means your NATed. Any VPN implementation that can solve NAT-Traversal will allow you to establish a connection. This is the same for a road warrior who brings his laptop to an internet cafe (a `classic' scenario in theoretical VPN).
a vpn doesn't necessarily come out of any ethernet interface, it will simply head in the direction that the remote peer lives in. if you have a router with a single 192.168.0.0/24 on eth0 and internet via eth1 then yes that's the direction the traffic would take.
essentially with a vpn you define what traffic (i.e. destination subnet) lives at the other end of that tunnel. when the local vpn end point (your router) recieves a piece of data for the remote private network it encapsulates the data securely and then at application level (i.e. like a webpage, irc connection or whatever) sends that packet to the remote peer. that peer then knows how to decrypt that packet and then releeases it onto it's local destination network. so you have private to private addressing via a public network which has no idea where these two private networks live.
Basically... VPN in "tunnel" mode makes a portion of the network addresses on one side of the tunnel visible on the other (it may or may not be a two-way visiblity), for specified types of traffic. Once the tunnel is established, any authorized user can employ it. The encryption and other services of VPN are invisible to the clients, who see the addresses as just ordinary IP's.
VPN, like most things, is full of confusing jargon and TLA's (three-letter acronyms ) but the essential ideas are simple. It's a rugged, industrial-strength facility which permits ordinary, un-modified applications to communicate securely across a non-secure network like the Internet, while enjoying the following benefits (among others) automatically:
The communications are securely encrypted, with robust, peer-reviewed algorithms, using randomly chosen keys that might be refreshed while the conversations are going on.
You know that the party you think you are connected to, really is that party.
You know that all of the packets that you sent, were received and were not modified in-transit.
You know that forged packets or replayed packets were not injected into the data stream.
There is very little loss of speed vs. unencrypted communication.
Some of the best brains in the business, including some with advanced security clearances, have contributed to the open standard and constantly peer-review its implementations.
(These benefits being enjoyed, of course, only if VPN is configured and deployed correctly, and in an environment requiring the level of security that VPN was intended to provide.)
and i connected my windows to the linux vpn server from other place with vpn default from windows
when i connect to the vpn server ,... the "ipconfig" at my windows shows..
22.214.171.124 ... but could ping to the server by the ip private of the server 10.41.0.15 i think doesnt matter because i could ping the server by a private ip ... the tunnel is made... well
now... i want to access to the machines that are in the segment of my vpn server by the VPN
for example the vpn server has 10.41.0.15 and other webserver has 10.41.0.1
can i acces from my house windows to the windows web server 10.41.0.1 ????? by the vpn stablished??
what can i do????
the vpn server at the config file to the clients must assign 10.0.0.2 - 20
i dont know why at my windows client ip config show 192.168.0.1