01-31-2012, 09:55 PM
#1
LQ Newbie
Registered: Dec 2005
Posts: 11
Setting up openVPN for a LAN
I am looking for a free/cheap vpn server for the LAN in our community.
Our setup is a bit more complex than most, I would say. All traffic to the outside wall passes through our firewall (made by Juniper), so we have one leg facing outwards. We have another leg for our web servers (dmz) and several internal legs for different parts of our network eg one for homes, one for offices and one for a factory. I am interested in forming a vpn with the offices section.
WWW <---> FIREWALL |<---> DMZ [ fixed ip]
...................|<---> Homes [ dhcp ]
...................|<---> Offices [ fixed ip ]
...................|<---> Factories [ fixed ip ]
(sorry about the dots, but I couldn't format it any other way)
I also have at my command an array of external IP addresses and can use one of these to connect directly through the firewall (with/without a password) to any machine on the LAN.
As the administrator, I envisage being able to log into the LAN from anywhere outside the LAN via an IP address or URL like vpn.mycompany.com, receive an ip in the range of the offices and then, to all intents & purposes be part of the network.
I have other workers, who I would like to be able to connect up and only have limited services eg being able to connect up to their account on the domain server or map a certain directory on a certain computer.
I prefer installing the vpn 'server' using Linux (preferably Slackware), but most of my clients are windows machines.
I have looked briefly at openVPN, but can't find a tutorial that I can follow easily - mainly they assume you know what you are doing & understand the terminology. Also, I haven't found any that explains the physical setup needed, for instance, where do I place the server in the above diagram? What hardware do I need? What ports do I need open in the firewall? I don't envisage heavy traffic & only a few clients connected at the same time.
If anyone can help me or just point me in the right direction, I would be most grateful.
SysMan

02-01-2012, 08:25 AM
#2
LQ Newbie
Registered: Aug 2011
Distribution: Debian, Gentoo
Posts: 24
Did you read this?
http://openvpn.net/index.php/open-so...ion/howto.html
Your vpn server should be reachable from all clients on UDP port 1194 (or another port that you configure). This port must be opened in your firewall. If this can be done, it should be working. I have a server running with a publicly reachable port 1194. All clients (behind DSL connections with NAT) can connect to the VPN in a 10.8.0.0/16 net.

02-01-2012, 09:55 AM
#3
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Regards "sorry about the dots" you could use CODE tags. The easiest way to do that is to go into Advanced Mode and use the # button.
Presumably your Juniper firewall is also a NATting router, in which case you will have to port-forward UDP 1194 on it to the OpenVPN server.
AFAIK the page linked by eehmke is the best OpenVPN HOWTO. If you work through it systematically instead of trying to take it all in at once it is very good.
The scenario you describe requires bridged rather than routed mode (this is what makes client computers "to all intents & purposes be part of the network"). There's a security catch in that though. Client computers normally have a security key arrangement that works with the server to allow passwordless connection. That means that anybody in possession of a client computer can make a connection to your LAN. If the client computer is a portable device which could be stolen ... Adding passwords is possible but not trivial.
Regards the "other workers", if you use bridged mode then they are "to all intents & purposes be part of the network". You could set up two instances of OpenVPN, using different UDP ports, one routed and one bridged but the routed service users could only access the OpenVPN server itself.
The OpenVPN server should be on the Offices LAN.
OpenVPN hardware requirements are trivial.
EDIT: if this information makes you harden the systems on your LAN then that may be no bad thing!
Last edited by catkin; 02-01-2012 at 09:57 AM.
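
An added example, not part of catkin's post or of OpenVPN itself: a small Python check that reads a server config and reports the points raised above (bridged mode, the port to forward, certificate-only login). The two sample configs, their addresses and the PAM plugin path are constructed assumptions.

```python
import re

# Constructed sample server configs (not from the thread); addresses are placeholders.
CERT_ONLY = """\
port 1194
proto udp
dev tap0
server-bridge 192.168.8.4 255.255.255.0 192.168.8.50 192.168.8.60
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
"""
# Assumed plugin path; it differs between distributions.
HARDENED = CERT_ONLY + """\
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
crl-verify crl.pem
"""

def parse(text):
    """Return {directive: [argument lists]}, skipping '#' and ';' comments."""
    conf = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def first(conf, key, default):
    args = conf.get(key, [[]])[0]
    return args[0] if args else default

def audit(text):
    c = parse(text)
    findings = []
    # Heuristic: tap (Ethernet-level) devices are what bridged setups use.
    mode = "bridged" if first(c, "dev", "").startswith("tap") else "routed"
    if mode == "bridged":
        findings.append("bridged: clients sit on the LAN segment itself")
    # Heuristic: any plugin or verify script is taken as a username/password check.
    if "plugin" not in c and "auth-user-pass-verify" not in c:
        findings.append("certificate-only login: a stolen client connects unattended")
    if "crl-verify" not in c:
        findings.append("no crl-verify: revoking a lost client's certificate has no effect")
    forward = f"{first(c, 'proto', 'udp').upper()}/{first(c, 'port', '1194')}"
    return {"mode": mode, "forward": forward, "findings": findings}

if __name__ == "__main__":
    for name, cfg in (("cert-only", CERT_ONLY), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

Clients of the hardened configuration need `auth-user-pass` in their own config so that they prompt for a username and password.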

02-01-2012, 10:55 AM
#4
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,834
Ummm, there's no denying it: VPN configuration and especially debugging is quite difficult, if only "due to the essential nature of the beast."
You quite frankly may need to open your search beyond simply this web site in order to find truly qualified recommendations about a network topology of this complex a nature. Because, what you want is not simply "a passage from the outside to the inside," but a limited passage to a portion of what is "inside," with the various components of the internal system also using VPN technology. And, you want the whole thing to be manageable, which probably means that some connection to internal security/infrastructure controls (e.g. LDAP, Kerberos) will be required.

02-04-2012, 06:31 AM
#5
Member
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381
Hi, SysMan. I know you mentioned OpenVPN in your title. However, your message asks for an easy VPN solution and suggests you're having problems. The responses also appear to suggest complexity. You might consider PPTP VPN, for which I wrote a script that will get it up and running in seconds.
Take a look at: http://faq.apollo3.com/ljames/ubuntu/vpn/ for a quick and easy resolution.
So it has worked in every tested environment without problems.
-- L. James
--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

All times are GMT -5.