On Sunday, 21 June 2020 09:55:51 BST Keith Edmunds wrote:
> I'm pleased you got it working, but...it sounds like a nightmare to
> support and maintain. Very hacky, undocumented, alpha software, multi-hoop
> jumping.

Yes and no.  It isn't entirely undocumented, just somewhat inadequately 
undocumented.  I agree that it is a very early version of the software and I 
haven't gained any impression that anyone else has used it yet apart from the 
developer.

In any case, unless someone can suggest a viable alternative to this software 
(which they couldn't when I asked a week or so ago), it's this or nothing.  If 
you recall I had installed PiVPN (which installs OpenVPN on a Pi), but that 
conflicted with the Captive Portal Software nodogsplash.  Ralph suggested 
wireguard, but no-one was able to help me get it installed; this is still in 
the early stages of support on Raspberry Pi.

Then the developer popped up on the Raspberry Pi Forums and offered to help me 
install PiStrong so I gave it a go.  If I had known then what I know now I'd 
have saved myself two weeks of work and installed the VPN server on a separate 
Pi and used PiVPN, but I didn't so I tried this tool.  Putting in another Pi 
is far from ideal since we are still in lockdown (and we wouldn't have needed 
any of this if we weren't).

> Do you have a clear understanding of how it works, what components do
> what, why each is there, and a network diagram marked with subnet
> addresses? If not, I'd suggest you get all of those or - my real
> suggestion - make it orders of magnitude less complex.

If I had a clear understanding of how this or any other software worked you'd 
hear a lot less from me on this list.  ;-)

I'm not sure what you mean by 'make it orders of magnitude less complex'.  Do 
you mean PiStrong or the network at WMT?  Clearly I have no control over the 
complexity of PiStrong (still less over the strongSwan software that it 
installs), so there's nothing I can do about that (other than stop using it).

The network at WMT is fully documented in both specifications and diagrams - I 
published a link to a partial diagram showing the basic architecture in an 
earlier thread.  Again, the WMT network is what it is and I don't really see 
how we could make it simpler.  There is one subnet in the private network and 
one in the Office network.  All the Pis are connected to the private network 
and there is a simple Ethernet cable between the two networks as shown in the 
diagram.  The private network is firewalled from the Office network except for 
routes set up by nodogsplash and PiStrong.

Am I missing the point?

-- 



                Terry Coles



-- 
  Next meeting: Online, Jitsi, Tuesday, 2020-07-07 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
