On Tue, 5 May 2020 15:04:17 -0400 Steve Litt <sl...@troubleshooters.com> wrote:
> How did the SSH solution work out for you, performance wise?
>
> Why did you move from the SSH method to OpenVPN?
>
> Thanks,
>
> SteveT
>
> On Tue, 5 May 2020 06:15:45 -0600
> Chris Dos <ch...@chrisdos.com> wrote:
>
> > On 4/8/20 2:14 PM, Simon Hobson wrote:
> > > It's been a while since I last did anything with VPNs on Linux,
> > > and I recall there being 3 options, some of which were "less well
> > > supported" than others. I'm looking to setup a site-site tunnel so
> > > I can remotely access stuff at mum's (she's in isolation because
> > > of this Covid 19 stuff) and using remote desktop control, connect
> > > her Mac to a video call.
> > >
> > > So what's the state of play in the VPN on Linux world - both ends
> > > would be running Devuan (one end an AMD64 VM, the other end rPi) ?
> > > Last thing I used was OpenVPN which AIUI is completely
> > > non-interoperable with anything else, while FreeSwan and OpenSwan
> > > were having a bun fight.
> > >
> > > Simon
> > >
> >
> > A little late, but I used to use a SSH script to create a full VPN
> > connection between my laptop and work sites. I just created a script
> > for each network I wanted to connect to. You'll need to set up SSH
> > keys first though to the root user (or you can modify the script to
> > use sudo on the remote end). Script I used to use:
> >
> > #!/bin/bash
> >
> > PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
> >
> > HOST=remotehost.somedomain.com
> > REMOTETUNIP="172.16.200.2"
> > LOCALTUNIP="172.16.200.1"
> > REMOTENET="192.168.1.0"
> > REMOTENETMASK="255.255.255.0"
> >
> > if [ "$1" != "start" -a "$1" != "stop" ]
> > then
> >     echo "Syntax: $0 <start> <stop>"
> >     exit 1
> > fi
> >
> > if [ "$1" = "start" ]
> > then
> >     # Find next available local TUN device
> >     TUNNUMBER=0
> >     FINDTUN="false"
> >     while [ "$FINDTUN" = "false" ]
> >     do
> >         ifconfig -a | grep -v tunl | grep tun$TUNNUMBER > /dev/null
> >         if [ "$?" != "1" ]
> >         then
> >             let TUNNUMBER=$TUNNUMBER+1
> >         else
> >             FINDTUN="true"
> >         fi
> >     done
> >
> >     sudo ssh -f -C -w any:any root@$HOST true
> >     ssh root@$HOST "ifconfig tun0 $REMOTETUNIP pointopoint $LOCALTUNIP"
> >     ssh root@$HOST "iptables -A INPUT -i tun+ -j ACCEPT"
> >     ssh root@$HOST "iptables -A FORWARD -i tun+ -j ACCEPT"
> >     ssh root@$HOST 'echo 1 > /proc/sys/net/ipv4/ip_forward'
> >     sleep 3
> >     sudo ifconfig tun$TUNNUMBER $LOCALTUNIP pointopoint $REMOTETUNIP
> >     sudo route add -net $REMOTENET netmask $REMOTENETMASK gw $LOCALTUNIP tun$TUNNUMBER
> >     echo "Tunnel has been set up"
> >
> > fi
> >
> > if [ "$1" = "stop" ]
> > then
> >     sudo kill `ps ax | grep "any:any root@$HOST true" | grep -v grep | cut -c 1-5` > /dev/null
> >     ssh root@$HOST 'kill `ps ax | grep "sshd: root@notty" | grep -v grep | cut -c 1-5`'
> >     ssh root@$HOST 'ifconfig tun0 down'
> > fi
> >
> >
> > I currently use OpenVPN tunnels, but oh my word, OpenVPN is a bear
> > to get set up properly. Probably today, if I was going to do it
> > again, WireGuard might be the next easiest solution other than
> > using SSH.
> >
> > Chris
> >

I used to use OpenVPN but when Wireguard was invented and released I
stopped using all other VPN solutions and moved everything over to
Wireguard. It is so much better and simpler than anything else out
there I've seen for layer3 IP VPNs.

--
Arnold's Laws of Documentation:
(1) If it should exist, it doesn't.
(2) If it does exist, it's out of date.
(3) Only documentation for useless programs transcends the first two laws.

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng