:: Re: [DNG] Current state of VPN soft…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: tom
日付:  
To: dng
題目: Re: [DNG] Current state of VPN software ?
On Tue, 5 May 2020 15:04:17 -0400
Steve Litt <slitt@???> wrote:

> How did the SSH solution work out for you, performance wise?
>
> Why did you move from the SSH method to OpenVPN?
>
> Thanks,
>
> SteveT
>
> On Tue, 5 May 2020 06:15:45 -0600
> Chris Dos <chris@???> wrote:
>
> > On 4/8/20 2:14 PM, Simon Hobson wrote:
> > > It's been a while since I last did anything with VPNs on Linux,
> > > and I recall there being 3 options, some of which were "less well
> > > supported" than others. I'm looking to setup a site-site tunnel so
> > > I can remotely access stuff at mum's (she's in isolation because
> > > of this Covid 19 stuff) and using remote desktop control, connect
> > > her Mac to a video call.
> > >
> > > So what's the state of play in the VPN on Linux world - both ends
> > > would be running Devuan (one end an AMD64 VM, the other end rPi) ?
> > > Last thing I used was OpenVPN which AIUI is completely
> > > non-interoperable with anything else, while FreeSwan and OpenSwan
> > > were having a bun fight.
> > >
> > > Simon
> > >
> >
> > A little late, but I used to use a SSH script to create a full VPN
> > connection between my laptop and work sites. I just created a script
> > for each network I wanted to connect to. You'll need to set up SSH
> > keys first though to the root user (or you can modify the script to
> > use sudo on the remote end). Script I used to use:
> >
> > #!/bin/bash
> >
> > PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
> >
> > HOST=remotehost.somedomain.com
> > REMOTETUNIP="172.16.200.2"
> > LOCALTUNIP="172.16.200.1"
> > REMOTENET="192.168.1.0"
> > REMOTENETMASK="255.255.255.0"
> >
> > if [ "$1" != "start" -a "$1" != "stop" ]
> > then
> >     echo "Syntax: $0 <start> <stop>"
> >     exit 1
> > fi
> >
> > if [ "$1" = "start" ]
> > then
> >     # Find next available local TUN device
> >     TUNNUMBER=0
> >     FINDTUN="false"
> >     while [ "$FINDTUN" = "false" ]
> >     do
> >         ifconfig -a | grep -v tunl | grep tun$TUNNUMBER > /dev/null
> >         if [ "$?" != "1" ]
> >         then
> >             let TUNNUMBER=$TUNNUMBER+1
> >         else
> >             FINDTUN="true"
> >         fi
> >     done
> >    
> >     sudo ssh -f -C -w any:any root@$HOST true
> >     ssh root@$HOST "ifconfig tun0 $REMOTETUNIP pointopoint
> > $LOCALTUNIP" ssh root@$HOST "iptables -A INPUT -i tun+ -j ACCEPT"
> >     ssh root@$HOST "iptables -A FORWARD -i tun+ -j ACCEPT"
> >     ssh root@$HOST 'echo 1 > /proc/sys/net/ipv4/ip_forward'
> >     sleep 3
> >     sudo ifconfig tun$TUNNUMBER $LOCALTUNIP pointopoint $REMOTETUNIP
> >     sudo route add -net $REMOTENET netmask $REMOTENETMASK gw
> > $LOCALTUNIP tun$TUNNUMBER
> >     echo "Tunnel has been set up"
> >
> > fi
> >
> > if [ "$1" = "stop" ]
> > then
> >     sudo kill `ps ax | grep "any:any root@$HOST true" | grep -v grep
> > | cut -c 1-5` > /dev/null
> >     ssh root@$HOST 'kill `ps ax | grep "sshd: root@notty" | grep -v
> > grep | cut -c 1-5`'
> >     ssh root@$HOST 'ifconfig tun0 down'
> > fi
> >
> >
> > I currently use OpenVPN tunnels, but oh my word, OpenVPN is a bear
> > to get set up properly.  Probably today, if I was going to do it
> > again, WireGuard might be the next easiest solution other than
> > using SSH.
> >
> >     Chris
>
>
>


I used to use OpenVPN but when Wireguard was invented and released I
stopped using all other VPN solutions and moved everything over to
Wireguard. It is so much better and simpler than anything else out
there I've seen for layer3 IP VPNs.

-- 
 _________________________________________ 
/ Arnold's Laws of Documentation:         \

|                                         |
| (1) If it should exist, it doesn't.     |
|                                         |
| (2) If it does exist, it's out of date. |
|                                         |
| (3) Only documentation for useless      |
| programs transcends the                 |
|                                         |

\ first two laws.                         /
 ----------------------------------------- 
\
 \
   /\   /\   
  //\\_//\\     ____
  \_     _/    /   /
   / * * \    /^^^]
   \_\O/_/    [   ]
    /   \_    [   /
    \     \_  /  /
     [ [ /  \/ _/
    _[ [ \  /_/