kccricket n00b
Joined: 03 Jun 2003 Posts: 51 Location: North Carolina, USA
Posted: Thu Mar 20, 2008 5:32 am Post subject: Secure Wireless Roaming via VPN
What I am interested in doing:
I want to set up a VPN server on my Gentoo server. I want my laptops to be able to connect to this server when I'm on a public network. I want to use the VPN link as the default gateway on my laptops.
The server is a standalone machine with a single public-facing IP address.
I'd appreciate it if anyone could point me to a HOWTO (or the like) explaining how to set up the VPN server (OpenVPN, tinc, whatever) to accept and properly route connections like this. Thanks!
_________________
-kccricket
* chirp * chirp *

baeksu l33t
Joined: 26 Sep 2004 Posts: 609 Location: Seoul, Korea
Posted: Thu Mar 20, 2008 5:54 am
Have you looked at Road Warriors with OpenVPN?
Personally, I use OpenVPN on a NAT router flashed with DD-WRT firmware. I found that to be a much easier way to set up an OpenVPN server, as I didn't need to go mucking about the network devices on my home server.
_________________
Gnome:
1. A legendary being.
2. A never ending quest to make unix friendly to people who don't want unix and excruciating for those that do.

kccricket n00b
Joined: 03 Jun 2003 Posts: 51 Location: North Carolina, USA
Posted: Thu Mar 20, 2008 6:12 am
So, what I'm gathering is that I'd have to set up a TUN or TAP (not sure which) interface on my server to act as a NAT gateway for the connecting VPN clients. Sort of like a simple NATed home LAN, but with virtual devices.
_________________
-kccricket
* chirp * chirp *

BillyBob-SA1 n00b
Joined: 17 Nov 2004 Posts: 53
Posted: Thu Mar 20, 2008 6:59 pm
I personally use the OpenVPN solution on a bridging interface with a tun device. All the directions are on the OpenVPN site: http://openvpn.net/howto.html All of it is a piece of cake. You just have to have the kernel config'd for bridging: CONFIG_TUN=y, CONFIG_BRIDGE=y, CONFIG_BRIDGE_NETFILTER=y
The ONE thing that you will probably want to remember if you want to push your own DNS and gateway is to choose a LAN address for your internal machines to be far away from a typical wireless LAN network, i.e. 10.243.28.0/24 or whatever. Billings is a small town and most free wireless networks are on the default network 192.168.x.x. Everything works as advertised as long as your personal LAN isn't in the same network as the wireless.
I had to change from the typical 192.168.(0/1).0/24 addresses because of routing problems. That took some patience, but was worth it in the long run. I have several friends using mine, and one of them has his own server and I can share his too. Makes for a convenient relationship.
And on my laptop, I still keep ZoneAlarm running when I am on the road.
If you want some typical configs, I can post them.
_________________
John Jaeger
System Administrator
Billings, Montana USA
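
Added example, not part of the original thread or any poster's configuration: a Python check for the address overlap BillyBob-SA1 describes. It reads the `server` and `push "route ..."` lines of an OpenVPN server config and reports which of them collide with the network the laptop is currently attached to. The sample config, its subnets and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): tunnel subnet plus a pushed
# route to a home LAN that still uses a common default range.
SAMPLE_SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "route 192.168.1.0 255.255.255.0"
"""

_NET = r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"
_PATTERNS = (
    ("server", re.compile(r"^\s*server\s+" + _NET, re.M)),
    ("push route", re.compile(r'^\s*push\s+"route\s+' + _NET, re.M)),
)


def vpn_networks(conf_text):
    """Return (directive, network) pairs for the tunnel subnet and pushed routes."""
    found = []
    for label, pattern in _PATTERNS:
        for addr, mask in pattern.findall(conf_text):
            found.append((label, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return found


def find_conflicts(conf_text, local_cidr):
    """List VPN networks that overlap the network the client is attached to."""
    local = ipaddress.ip_network(local_cidr, strict=False)
    return [(label, str(net)) for label, net in vpn_networks(conf_text)
            if net.overlaps(local)]


if __name__ == "__main__":
    # Same config after renumbering the home LAN away from the default ranges.
    renumbered = SAMPLE_SERVER_CONF.replace("192.168.1.0", "10.243.28.0")
    for hotspot in ("192.168.1.0/24", "192.168.0.0/16", "10.0.0.0/24"):
        print(hotspot, "original:", find_conflicts(SAMPLE_SERVER_CONF, hotspot) or "ok",
              "| renumbered:", find_conflicts(renumbered, hotspot) or "ok")
```

A non-empty result means traffic for that VPN-side network would be delivered on the local wireless segment instead of through the tunnel, so the pushed route or tunnel subnet needs a different range.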