My network topology is a star, with one router/modem + 3 computers.
My computer runs Debian GNU/Linux testing, with Linux 2.6.26 on x86_64.
The other two computers run Microsoft Windows XP, and have low security policies.
I'd like to create a VPN but I need to strongly separate it from my LAN because the two Windows machines would fall immediately to any kind of attack, as they are administered by newbies.
The ideal solution would allow anyone who connects to the VPN to be in a virtual LAN, but would allow no communication to the Windows machines.
I'd also like to allow ssh access to my machine, and I would probably use a key+password authentication, for additional security.
What software to use? What configuration?
OpenVPN seems the right software, but I have no idea on how to configure it to obtain my idea.
Do you actually need a full VPN? Seems like all you'd need to do is have your router port forward the SSH port (22 if you haven't moved it) to your Linux box; anything extra could be tunneled over the SSH.
Yes, the main objective is to create a LAN for everyone who connects to my PC [similar to Hamachi], and I don't want everyone to have a shell on my PC.
If it's a mix of *nix and Windows then OpenVPN or tinc are probably your best bet for the VPN. As for the setup, you shouldn't need to do anything special with the VPNs to keep them from accessing the internal Windows boxes; worst case you just put in an iptables drop for traffic from a VPN address going to the internal Windows boxes' addresses.
If the server side is behind a NAT then you'll need to have your NAT/firewall port forward the port the server is listening on. On the client side you might need to have it do a heartbeat or keepalive to keep the path open if you are using UDP; if you are using TCP then the client side should work through NAT.
UDP tends to be faster since it has less overhead than TCP. TCP tends to work better with firewalls since you have an established stream rather than disjointed packets.
The heartbeat or keepalive will vary for each different VPN. OpenVPN's is --ping; you can also use --keepalive, which combines --ping and --ping-restart.
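Added example, not part of the thread: a small shell helper that builds the iptables drop rules suggested above, one per protected LAN host, and validates its arguments before emitting anything. The interface name `tun0`, the VPN subnet `10.8.0.0/24` and the two Windows host addresses are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules that keep VPN clients away
# from selected LAN hosts. All addresses and the tun0 name are assumed values.

# is_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots allowed
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# vpn_isolation_rules VPN_IF VPN_NET HOST...
# Prints one DROP rule per HOST for traffic forwarded from the VPN subnet.
# Returns 2 without printing any rule if an argument is malformed.
vpn_isolation_rules() {
    vpn_if=$1; vpn_net=$2; shift 2
    net_addr=${vpn_net%/*}; prefix=${vpn_net#*/}
    is_ipv4 "$net_addr" || { echo "bad VPN network: $vpn_net" >&2; return 2; }
    case "$prefix" in
        ''|*[!0-9]*) echo "bad prefix in: $vpn_net" >&2; return 2 ;;
    esac
    [ "$prefix" -le 32 ] || { echo "bad prefix in: $vpn_net" >&2; return 2; }
    # Validate every host first so a partial rule set is never emitted.
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 2; }
    done
    # -I inserts at the top of FORWARD, ahead of any existing ACCEPT rules.
    for host in "$@"; do
        echo "iptables -I FORWARD -i $vpn_if -s $vpn_net -d $host -j DROP"
    done
}

# Constructed sample values: print the rules for review before applying them.
vpn_isolation_rules tun0 10.8.0.0/24 192.168.1.10 192.168.1.11
```

These rules only matter when the Linux box forwards packets between the VPN interface and the LAN (`net.ipv4.ip_forward=1`); with forwarding off, VPN clients cannot reach the other LAN hosts through it at all.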