Re: openvpn question
On Sun, Aug 18, 2013 at 04:29:16PM -0600, Bob Proulx wrote:
> Your vpn will be connected to the public address.  It will establish a
> private address for the encrypted traffic.
Yes, except that it's a public address I'm actually after. More below.
I wrote:
> > I want to have the ability to connect to the VPS, and give a client
> > (gnu/linux, or windows) a static IP address through the VPS.
Maybe I should have been more explicit. I want to have the ability to
connect to the VPS, and give a client (gnu/linux, or windows) a
publicly routable static IP address through the VPS from the /29
subnet. So, for example let's say I'm somewhere with my laptop, and am
connecting from somewhere to the internet. This somewhere would likely
be using dynamic public addresses, and I may want to have my machine
reachable directly over the internet from this somewhere location. If
the dynamic address I'm assigned while connecting from somewhere is
10.0.0.1, I want to be able to connect to the VPS from somewhere, and
get it to assign my laptop a 192.168.1.2 address from that /29 subnet,
which in reality is a publicly routable static IP address. One could
say I'm turning the VPN concept on its head somewhat, though the
scenario I'm describing is still a VPN, but having one endpoint which
is publicly routable. I hope that makes more sense.
> 
> The "through the VPS" words confuse me.  A vpn client will have a
> private address on the client assigned to it.  It will use it to
> connect to the private address on the server.  Is that "through the
> VPS"?  It is "to the VPS" certainly.
The scenario I proposed above requires the laptop to connect to the
VPS to get the static public address. Any traffic the laptop
sends/receives with that address will be routed through the VPS. So,
the connection is both to, as well as through the VPS.
> 
> It seems to me that you want private addresses.  Otherwise how will
> you have a vpn?  If you have public addresses then the communication
> will be public.  If you want private communication then the addresses
> must need be private addresses.
In the typical VPN scenario this is correct. What I actually want is
endpoints where each endpoint has public and private addresses. The
client connects to the server (public). Using ppp would mean that the
client/server would have a private subnet to exchange packets locally
(private). One end of the ppp connection on the laptop would be a
public static IP address (public). I'm not sure how else to explain
this. If someone who understands what I'm talking about can do a
better job of explaining it, then please jump in by all means.
> What is ppp doing for you?
> 
> I am used to ppp driving the modem, dialing the phone, setting up
> addresses, adding routing information to the kernel route tables, and
> cleaning all up after hanging up the phone.  Sure.  But doesn't
> openvpn do all of that function for you?  Using the network components
> with no phone of course.  What is openvpn not doing that you would
> have ppp do?
Ppp is the transport over which the packets flow. It can be
encapsulated in other transports: direct serial to serial, ssh, l2tp
... Ppp forms a /32 subnet between the client/server. This subnet has
a local and remote address on both ends. In the scenario I'm
proposing, the local address on the server is a private one, and the
remote is public. On the client side, the local address is public, and
the remote is private. This is something openvpn seems to be unable to
do as far as I can tell.
Greg
> -- 
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
--
Free domains: http://www.eu.org/ or mail dns-manager@EU.org