On Sunday, 21 June 2020 09:55:51 BST Keith Edmunds wrote:
> I'm pleased you got it working, but...it sounds like a nightmare to
> support and maintain. Very hacky, undocumented, alpha software, multi-hoop
> jumping.

Yes and no. It isn't entirely undocumented, just somewhat inadequately undocumented. I agree that it is a very early version of the software and I haven't gained any impression that anyone else has used it yet apart from the developer.

In any case, unless someone can suggest a viable alternative to this software (which they couldn't when I asked a week or so ago), it's this or nothing.

If you recall, I had installed PiVPN (which installs OpenVPN on a Pi), but that conflicted with the Captive Portal Software nodogsplash. Ralph suggested WireGuard, but no-one was able to help me get it installed; this is still in the early stages of support on Raspberry Pi. Then the developer popped up on the Raspberry Pi Forums and offered to help me install PiStrong, so I gave it a go. If I had known then what I know now I'd have saved myself two weeks of work and installed the VPN server on a separate Pi and used PiVPN, but I didn't, so I tried this tool. Putting in another Pi is far from ideal since we are still in lockdown (and we wouldn't have needed any of this if we weren't).

> Do you have a clear understanding of how it works, what components do
> what, why each is there, and a network diagram marked with subnet
> addresses? If not, I'd suggest you get all of those or - my real
> suggestion - make it orders of magnitude less complex.

If I had a clear understanding of how this or any other software worked you'd hear a lot less from me on this list. ;-)

I'm not sure what you mean by 'make it orders of magnitude less complex'. Do you mean PiStrong or the network at WMT? Clearly I have no control over the complexity of PiStrong (still less over the strongSwan software that it installs), so there's nothing I can do about that (other than stop using it). The network at WMT is fully documented in both specifications and diagrams - I published a link to a partial diagram showing the basic architecture in an earlier thread.

Again, the WMT network is what it is and I don't really see how we could make it simpler. There is one subnet in the private network and one in the Office network. All the Pis are connected to the private network and there is a simple Ethernet cable between the two networks as shown in the diagram. The private network is firewalled from the Office network except for routes set up by nodogsplash and PiStrong.

Am I missing the point?

--
Terry Coles