duryodhan 02-13-2007 08:10 AM

OpenVPN Question : connecting 5-6 comps with OpenVPN
 
Hey,
Has anyone used OpenVPN? We have 5-6 comps that we want to connect together.
They are : 172.16.a.b. I know they are on the same intranet ... we just want a secure encrypted connection between them all.
How hard would this be with OpenVPN? The machines don't have internet access ... so they can't connect to an online server (as in the case of Hamachi) to connect together.

fukawi2 02-14-2007 09:07 PM

What is your goal for creating the secure channel between PCs on a local network?

duryodhan 02-14-2007 11:31 PM

so that my netadmin can't see what I am doing!

fukawi2 02-14-2007 11:41 PM

As a network admin myself, I can't say I agree with that, and if he's that interested in sniffing the network, all you're going to do is draw attention to yourself...

Having said that, can whatever you're using not provide encryption, or be passed over another encryption channel (e.g., ssh)?

I've never experimented with a VPN on the same network segment, but just thinking about it, I don't think it's a very nice option. The idea of the OpenVPN server is to allow the remote road warrior access to the rest of the network segment where the server resides, but your remote client is already part of the server's network segment, and is using that segment to transport the encrypted VPN traffic.

I imagine that would create a confusing situation for your client when its routing tables are telling it:
172.16.a.b/255.255.0.0 is the local network
172.16.a.b/255.255.0.0 is accessible by routing through this VPN tunnel

The VPN client is going to route traffic for the local network via the VPN, but in turn the TCP stack is going to want to route the encrypted VPN packets via the VPN itself as well - effectively an endless loop.

That's the way I see it anyway...
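The conflict described in the post above can be checked before any VPN is configured. This is an added example, not part of the thread or any poster's code; the function name `check_vpn_routes` and all addresses are constructed for illustration, and it assumes IPv4 and ordinary longest-prefix route selection.

```python
import ipaddress


def check_vpn_routes(local_networks, tunnel_routes, server_ip):
    """Return (kind, detail) tuples for problems in a planned VPN route set.

    local_networks: interface addresses in CIDR form (directly connected LANs)
    tunnel_routes:  networks the client would route through the tunnel
    server_ip:      address the encrypted VPN packets are sent to
    """
    lans = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    routes = [ipaddress.ip_network(r, strict=False) for r in tunnel_routes]
    server = ipaddress.ip_address(server_ip)
    problems = []
    for route in routes:
        for lan in lans:
            if route.overlaps(lan):
                problems.append(("overlap", f"{route} via tunnel overlaps local {lan}"))
        if server in route:
            # Longest-prefix match picks the route for the server's address.
            # A tie is left to the route metric, so it is reported as a risk too.
            covering = [lan.prefixlen for lan in lans if server in lan]
            if not covering or route.prefixlen >= max(covering):
                problems.append(("loop", f"VPN server {server} is reached via tunnel route {route}"))
    return problems


if __name__ == "__main__":
    # Constructed addresses in the thread's 172.16.x.y range.
    same_range = check_vpn_routes(["172.16.15.20/16"], ["172.16.0.0/16"], "172.16.16.5")
    separate = check_vpn_routes(["172.16.15.20/16"], ["10.8.0.0/24"], "172.16.16.5")
    for kind, detail in same_range:
        print(kind, "-", detail)
    print("separate tunnel subnet:", separate or "no conflicts")
```
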

duryodhan 02-15-2007 07:19 AM

But maybe I could set up so that the ips in my VPN are of the type 10.a.b.c whereas the actual ips here are 172.a.b.c

Here is the correct reason I want to use VPN:

I am in a University LAN behind NAT and HTTP proxy/firewall. All our hostels are connected to the same backbone ... but the netadmins have disabled connections between 2 different hostels. For e.g., I can connect directly to a friend in same hostel as mine ... but not to another friend who is in a different hostel. If I do type in his IP address in my browser it goes to the HTTP proxy which sends the packets properly (i.e. I can see his apache page). But as it never goes to the internet (all things are still on LAN), speeds are blazing fast. Now the problem is, the HTTP proxy has blocked all ports except 80, 21 etc. etc. So, we can't play CS/AOE (games :P). So, I was thinking I could use VPN and set up a network which will work over port 80 but let me do everything.

I hope I was clear enough .... :)

fukawi2 02-15-2007 05:43 PM

That makes it a bit easier to help...

I'm not sure if you can set up a completely independent network subnet purely for VPN use - someone else may be able to answer that. It's certainly not something I've ever done, but I run net-to-net VPNs between Australia, New Zealand, USA and UK, plus client-to-net ("road-warrior") connections from all over the globe.

By the sounds of it, there is a firewall between you and your friends, and access is only provided via proxy. So unless you can get the proxy to forward your VPN packets to establish the connection, sounds like you're out of luck with this one... I don't think there's any proxy around that will forward VPN packets when it's expecting HTTP / FTP packets. I've never heard of VPN via SOCKS proxy, assuming the proxy is enabled for SOCKS.

BTW, your hostels don't sound like they're in the same network segments: e.g., Hostel A is in segment 1 (172.16.a.x) and Hostel B is in segment 2 (172.16.b.x). Your subnet mask will be able to confirm that - technically not the same *local* network.

duryodhan 02-15-2007 10:56 PM

ya they are not .... but 172.16.15.x and 172.16.16.y can access each other but not to others.
Leave the technicalities aside :D

I thought VPNs worked over HTTP traffic..... I am pretty sure Hamachi works over HTTP traffic.

fukawi2 02-15-2007 11:28 PM

Possibly - I'm not familiar with "Hamachi"

OpenVPN certainly doesn't communicate via HTTP. That would be what HTTPS is for :)

Unfortunately VPNs are inherently somewhat technical by nature ;)


All times are GMT -5.