
Re: openvpn question



Gregory Nowak wrote:
> Since attempting to establish an ipsec connection is one of the two
> things so far that crashes my VPS (earlier thread on this
> list),

Ouch!

> I've been looking at other alternatives for possible
> workarounds. Let me back up, and describe what I want to do.

> I have a publicly routable /29 subnet with my VPS.

Your vpn will be connected to the public address.  It will establish a
private address for the encrypted traffic.

> I want to have the ability to connect to the VPS, and give a client
> (gnu/linux, or windows) a static IP address through the VPS.

The "through the VPS" words confuse me.  A vpn client will have a
private address on the client assigned to it.  It will use it to
connect to the private address on the server.  Is that "through the
VPS"?  It is "to the VPS" certainly.

> My original plan to do this was to use ipsec/l2tp, which I know how
> to set up, and I've seen this type of setup in action.

I have used ipsec previously and found the key exchange part on port
udp 500 to be the weak part and a very large amount of trouble.  This
is why I prefer openvpn.  I have no experience with l2tp.

> It seemed after doing some research that openvpn should be able to do
> this.

Seems reasonable to me.  I use it for my mobile devices.  I use it
between several fixed sites to create VPNs between them.

> After installing openvpn and reading up on it though, I keep running
> into the limitation that server/client must communicate over an
> unused subnet, and both have addresses on that subnet.

That would be the _private_ of the virtual private network. :-)

> Is there something I'm missing here, or won't openvpn in fact do
> what I'm after?

I read through this message and your previous one about the crashing
problems in detail but I wasn't able to discern what you are trying to
say.  Sorry.  I am sure they are clear to you.  The difficulty is
mine.

It seems to me that you want private addresses.  Otherwise how will
you have a vpn?  If you have public addresses then the communication
will be public.  If you want private communication then the addresses
must necessarily be private addresses.

The other ways of using encryption such as https use public addresses
but it is the protocol that is encrypted.  An https:// connection will
use a public address, but it starts a TLS connection when it
connects.  If you want http:// to be private then it must do so
over an encrypted private network connection.  This creates the
fundamental difference between the strategies.  Using a vpn means that
all of the unencrypted communication protocols are encrypted by the
transport.  (And redundantly any encrypted protocols will also be
encrypted by the underlying transport, making them encrypted twice.)

Please say a few more words describing what you are trying to
accomplish.

> If the answer is no, I suppose I can use openvpn to establish an
> openvpn connection using private addresses, and then do pptp/ppp
> over that connection. Kludgey, but should work in theory. I don't
> trust pptp/ppp by itself over the open net. I know there are other
> options here, like ppp over ssh, but windows is the show stopper
> here as far as I know. Any ideas? Thanks in advance.

What is ppp doing for you?

I am used to ppp driving the modem, dialing the phone, setting up
addresses, adding routing information to the kernel route tables, and
cleaning all up after hanging up the phone.  Sure.  But doesn't
openvpn do all of that function for you?  Using the network components
with no phone of course.  What is openvpn not doing that you would
have ppp do?

Bob
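The point made above, that the public address is only the tunnel endpoint while the clients live on a private, otherwise unused subnet, can be seen in a minimal OpenVPN server configuration. This is an added illustration, not a configuration from either poster; the addresses (203.0.113.10 from a documentation range, 10.8.0.0/24 for the tunnel) and the client name "laptop" are constructed examples, and the certificate and key file names are assumed.

```conf
# server.conf (illustration only; all addresses are constructed examples)
# Bind the listener to one of the VPS's public addresses (assumed value).
local 203.0.113.10
port 1194
proto udp
dev tun
# Certificate material; file names are assumptions, not from the thread.
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# The tunnel network: a private subnet that is not used anywhere else.
# The server takes 10.8.0.1 and clients receive addresses from the same range.
server 10.8.0.0 255.255.255.0
topology subnet
# Per-client overrides live in this directory, one file per certificate CN,
# which is how a particular client gets a fixed tunnel address.
client-config-dir /etc/openvpn/ccd
keepalive 10 120
persist-key
persist-tun
# Drop privileges once the tunnel is up.
user nobody
group nogroup

# /etc/openvpn/ccd/laptop  (file name = that client's certificate CN, assumed "laptop")
# Pin this client to a fixed private tunnel address instead of one from the pool.
ifconfig-push 10.8.0.50 255.255.255.0
```

With `topology subnet`, `ifconfig-push` takes an address and netmask; in the default net30 topology it takes the two endpoints of a point-to-point pair instead. Nothing here hands a client one of the public /29 addresses; the public address only carries the encrypted transport.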
