LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-13-2007, 07:10 AM   #1
duryodhan
Senior Member
 
Registered: Oct 2006
Distribution: Slackware 12 Kernel 2.6.24 - probably upgraded by now
Posts: 1,054

Rep: Reputation: 46
OpenVPN Question : connecting 5-6 comps with OpenVPN


Hey,
Has anyone used OpenVPN? We have 5-6 comps that we want to connect together.
They are : 172.16.a.b. I knw they are on the same intranet ... we just want a Secure encrypted connection between them all.
How hard would this be with openVPN? The machines don't have internet access ... so they can't connect to an online server ( as in the case of Hamachi) to connect together.
 
Old 02-14-2007, 08:07 PM   #2
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Rep: Reputation: 34
What is your goal for creating the secure channel between PC's on a local network?
 
Old 02-14-2007, 10:31 PM   #3
duryodhan
Senior Member
 
Registered: Oct 2006
Distribution: Slackware 12 Kernel 2.6.24 - probably upgraded by now
Posts: 1,054

Original Poster
Rep: Reputation: 46
so that my netadmin can't see what I am doing!
 
Old 02-14-2007, 10:41 PM   #4
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Rep: Reputation: 34
As a network admin myself, I can't say I agree with that, and if he's that interested in sniffing the network, all you're going to do is draw attention to yourself...

Having said that, can whatever you're using not provide encryption, or be passed over another encryption channel (eg, ssh)?

I've never experimented with a VPN on the same network segment, but just thinking about it, I don't think it's a very nice option. The idea of the OpenVPN server is to allow the remote road warrior access to the rest of the network segment where the server resides, but your remote client is already part of the server's network segment, and is using that segment to transport the encrypted VPN traffic.

I imagine that would create a confusing situation for your client when it's routing tables are telling it:
172.16.a.b/255.255.0.0 is the local network
172.16.a.b/255.255.0.0 is accessible by routing through this VPN tunnel

The VPN client is going to route traffic for the local network via the VPN, but in turn the TCP stack is going to want to route the encrypted VPN packets via the VPN itself as well - effectively an endless loop.

That's the way I see it anyway...
 
Old 02-15-2007, 06:19 AM   #5
duryodhan
Senior Member
 
Registered: Oct 2006
Distribution: Slackware 12 Kernel 2.6.24 - probably upgraded by now
Posts: 1,054

Original Poster
Rep: Reputation: 46
But maybe I could set up so that the ips in my VPN are of the type 10.a.b.c whereas the actual ips here are 172.a.b.c

Here is the correct reason I want to use VPN for :

I am in a University Lan behind NAT and HTTP proxy/firewall. All our hostels are connected to the same backbone ... but the netadmins have disabled connections between 2 different hostels. For. e.g I can connect directly to a friend in same hostel as mine ... but not to another friend who is in a different hostel. If I do type in his ip address in my browser it goes to the HTTP proxy which sends the packets properly.(i.e I can see his apache page). But as it never goes to the internet (all things are still on LAN) , speeds are blazing fast. Now the problem is, the HTTP proxy has blocked all ports except 80, 21 etc. etc. So , we can't play CS/AOE (games :P). So , I was thinking I could use VPN and set up a network which will work over port 80 but let me do everything.

I hope I was clear enough ....
 
Old 02-15-2007, 04:43 PM   #6
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Rep: Reputation: 34
That makes it a bit easier to help...

I'm not sure if you can setup a completely independent network subnet purely for VPN use - someone else may be able to answer that. It certainly not something I've ever done, but I run net-to-net VPN's between Australia, New Zealand, USA and UK, plus client-to-net ("road-warrior") connections from all over the globe.

By the sounds of it, there is a firewall between you and your friends, and access is only provided via proxy. So unless you can get the proxy to forward your VPN packets to establish the connection, sounds like your out of luck with this one... I don't think there's any proxy around that will forward VPN packets when it's expecting HTTP / FTP packets. I've never heard of VPN via SOCKS proxy, assuming the proxy is enabled for SOCKS.

BTW, your hostels don't sound like they're in the same Network Segments: eg, Hostel A is in segment 1 (172.16.a.x) and Hostel B is in segment 2 (172.16.b.x). Your subnet mask will be able to confirm that - technically not the same *local* network.
 
Old 02-15-2007, 09:56 PM   #7
duryodhan
Senior Member
 
Registered: Oct 2006
Distribution: Slackware 12 Kernel 2.6.24 - probably upgraded by now
Posts: 1,054

Original Poster
Rep: Reputation: 46
ya they are not .... but 172.16.15.x and 172.16.16.y can access each other but not to others.
Leave the technicalities aside

I thought VPNs worked over HTTP traffic..... I am pretty sure Hamachi works over HTTP traffic.
 
Old 02-15-2007, 10:28 PM   #8
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Rep: Reputation: 34
Possibly - I'm not familiar with "Hamachi"

OpenVPN certainly doesn't communicate via HTTP. That would be what HTTPS is for

Unfortunately VPN's are inherently somewhat technical by nature
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN client has not default gateway when connect to OpenVPN server sailershen Linux - Security 3 03-04-2010 02:20 AM
Help!. Problem connecting to an Openvpn through proxy server. microsoftguy Linux - Software 1 08-03-2006 09:54 PM
OpenVPN wwnexc Linux - Software 6 05-20-2006 02:34 PM
Openvpn client to client routing question soup Linux - Networking 0 02-16-2006 11:13 AM
openvpn connecting to a hradware vpn box antken Linux - Networking 0 07-31-2003 07:01 AM


All times are GMT -5. The time now is 06:43 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration