johndo n00b
Joined: 22 Nov 2003 Posts: 32
Posted: Sun Jan 15, 2006 5:56 pm Post subject: Virtual private network solution

I am looking to set up a VPN between about 10 to 20 computers running Windows and Linux.
All clients are on cable modems or something similar. Most of the computers will actually change their location in about 6 months.
OpenVPN nearly handled everything. With the client-to-client option, the clients can communicate with each other. The problem is that, as far as I know (needs to be tested), client-to-client traffic still flows through the server. That's a serious problem; the server's bandwidth cannot handle that kind of traffic. I am wondering if anyone has had any experience with setting up a VPN for a scenario similar to the one I described.
There is a program called Hamachi (http://www.hamachi.cc/) that seems to do a pretty good job of peer-to-peer VPN. Clients just need a network name and a passphrase (PSK?) to connect. All client-to-client traffic seems to be direct (and encrypted). The setup is very simple relative to any other VPN I have come across. There doesn't seem to be any support for revoking a client's ability to connect like you can with a certificate-based VPN, but I can just be careful with a small network. The problem: Hamachi is free as in beer, but not as in speech. I was hoping for more of a GPL'd package.

JRV Apprentice
Joined: 10 Jan 2004 Posts: 291
Posted: Mon Jan 16, 2006 12:50 am Post subject: Re: Virtual private network solution

johndo wrote:
> The problem: Hamachi is free as in beer, but not as in speech. I was hoping for more of a GPL'd package.

Very interesting idea indeed. I don't know of any free as in freedom implementations though.
It should be possible to hack something up, though:
1) Run an OpenVPN server on each client node (set up with PKI = public key infrastructure)
2) Use DynDNS for each client node (so your "central server" is replaced by dynamic DNS)
3) Configure each client node to connect to the DynDNS names' IPs on demand (maybe hack up a GUI for that)
Hamachi also offers additional security in step 2) by securely authenticating clients that log in to the server, but I don't see that you'd really need it. If someone managed to poison the DNS, your OpenVPN will still not connect to the malicious server because of the PKI. No man-in-the-middle attack either (public keys can be verified through the CA).
JRV
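
The two sides of one node pair in the setup from steps 1) to 3) above, as an added example that is not part of either post: node A's listener and the profile node B uses to dial it. It assumes a current OpenVPN 2.x release and one CA for the whole mesh; all file names, the tunnel subnet, the certificate name and the DynDNS hostname are placeholders. The `verify-x509-name` line is what binds a DynDNS name to one specific node certificate, and `crl-verify` provides the per-node revocation the first post found missing in Hamachi.

```conf
# ===== nodeA-listen.conf : runs on node A (step 1) =====
port 1194
proto udp
dev tun
# Each node's listener needs its own tunnel subnet so routes do not
# collide when a node is connected to several peers (constructed value).
server 10.8.1.0 255.255.255.0
ca   ca.crt
# Certificate issued with the serverAuth extended key usage.
cert nodeA-server.crt
key  nodeA-server.key
dh   dh.pem
# Accept only peers presenting a certificate issued for client use.
remote-cert-tls client
# Revocation list published by the CA; a revoked node is refused here.
crl-verify crl.pem
keepalive 10 60
persist-key
persist-tun

# ===== to-nodeA.conf : runs on node B when it dials node A (steps 2-3) =====
client
dev tun
proto udp
# DynDNS name of node A (placeholder). DNS is untrusted input here.
remote nodea.dyndns.example 1194
resolv-retry infinite
nobind
ca   ca.crt
cert nodeB-client.crt
key  nodeB-client.key
# Without the next two lines, any certificate signed by the mesh CA
# would be accepted as "node A" if the DNS answer were forged.
# 1) The peer must present a server-usage certificate.
remote-cert-tls server
# 2) Its common name must be exactly node A's (placeholder name).
verify-x509-name nodeA-server name
persist-key
persist-tun
```

Because every node in this design holds a server certificate, `remote-cert-tls server` alone does not tell nodes apart; the name check is the part that stops one mesh member from answering for another.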

Shazam Apprentice
Joined: 23 Nov 2004 Posts: 191 Location: Germany
Posted: Sun Jun 03, 2007 11:14 pm

I know this thread is kind of old, but it should fit my needs.
Well, that was something I was always wondering about: does the client-to-client option really tunnel all the traffic through the gateway instead of sending it directly?
Is there any alternative rather than Hamachi for doing a similar job like Hamachi?
Because I don't really trust Hamachi either. This setting up a network somewhere with a password that is saved somewhere else.
If there were something open source, I could trust it a bit more, and maybe with something where the login server is in your hands.