openvpn routed and bridged

James Knott james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Fri Aug 7 20:00:38 UTC 2009


teddy mills wrote:
> VPN clients connecting to an OpenVPN routed server can only talk to
> the OpenVPN server itself.

If the server is configured as a router, you can talk to the entire
lan.  This is what I was doing, when I had a Linux firewall set up with
OpenVPN.  Unfortunately, the computer I was using for the
router/firewall gave its life in that thunderstorm on Thursday (yes, it
was on a UPS).
>
> VPN clients connecting to an OpenVPN bridged clients can talk to
> everything on the remote LAN.
>
> You say an OpenVPN bridged requires ends to be on the same subnet, and
> you use your laptop from a variety of locations.

Any bridge requires all devices to be on the same subnet, even if some
are at a remote location.  This is not dependent on OpenVPN.  The bridge
could be an old ethernet bridge, an ethernet switch, PPP link or
whatever.  A bridge is a bridge.
>
> I have not tested my OpenVPN bridge without portforwarding 1194/udp to
> my OpenVPN client. I do not think it will work without the
> portforwarding. (I have been known to be wrong before :)
>
It's not the forwarding that concerns me.  I've often used that in the
past for a variety of applications.  Rather, if I terminate the routed
VPN on a computer, then I can no longer send everything to the default
gateway and let it sort things out.  I have to separately route VPN
traffic to the computer where it terminates.  That requires any device
configured with DHCP to be told of the VPN route.  As I mentioned,
consumer level routers don't support doing that.  So, I'd have to
configure one of the computers as the DHCP server, to do it.  I suppose
I could configure the router DHCP server to point to the VPN computer as
the default gateway and let it use ICMP redirects to sort things out,
but that's messy.
> If that's true, I can only connect to my OpenVPN bridge when I have
> access to the local router. (to portforward 1194/udp)
>
> Fortunately I have another OpenVPN server that uses routed :)
> If you need to work remotely to the office lan you gotta have bridged.
>

No it doesn't.  I have never used a bridged VPN, always routed.  This
applies to OpenVPN, CIPE, IPSec, Windows PPTP etc.  With my own network,
I could access any device via the VPN, no matter where I was.  At work,
I could access remote servers etc., via IPSec VPN, again routed.

Bottom line, while I could set up the VPN on a computer, it would be
"cleaner", if it could be done on the router.  I do have the LinkSys
WRT54G, which runs Linux and apparently, with new software, can support
OpenVPN.  The question is how?


--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
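The routing problem James describes, as an added illustration that is not part of the thread: a small longest-prefix-match simulation (Python, with constructed addresses) showing why a LAN host's reply to a VPN client is lost when the routed tunnel terminates on a LAN computer instead of the router, and the three routing-table changes that let the reply get back. The host names, addresses and subnets are assumptions for the example, not values from the post.

```python
import ipaddress

# Constructed addresses for illustration (not from the post).
LAN = "192.168.1.0/24"
ROUTER = "192.168.1.1"      # consumer router, also the LAN's DHCP server
VPN_HOST = "192.168.1.10"   # Linux box terminating the routed OpenVPN tunnel
VPN_NET = "10.8.0.0/24"     # OpenVPN client subnet (assumed)
ISP = "wan"                 # router's upstream; private dests die here


def next_hop(table, dst):
    """Longest-prefix-match lookup. table: list of (prefix, next_hop)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace_reply(host_table, router_table, client="10.8.0.6"):
    """Follow a LAN host's reply to a VPN client for at most two hops.
    Returns ("ok", hops) if it reaches the VPN host, else ("lost", hops)."""
    hops = [next_hop(host_table, client)]
    if hops[0] == VPN_HOST:
        return "ok", hops
    if hops[0] == ROUTER:
        hops.append(next_hop(router_table, client))
        if hops[1] == VPN_HOST:
            # Router forwards back onto the LAN (and may ICMP-redirect the host).
            return "ok", hops
    return "lost", hops


# Baseline: DHCP hands hosts only a default route, router knows nothing of VPN_NET.
DHCP_HOST = [(LAN, "direct"), ("0.0.0.0/0", ROUTER)]
PLAIN_ROUTER = [(LAN, "direct"), ("0.0.0.0/0", ISP)]

# Fix A: a static VPN route on every LAN host (needs a DHCP server that can push it).
HOST_WITH_ROUTE = DHCP_HOST + [(VPN_NET, VPN_HOST)]
# Fix B: a static VPN route on the router, where the router supports one.
ROUTER_WITH_ROUTE = PLAIN_ROUTER + [(VPN_NET, VPN_HOST)]
# Fix C: the "messy" option, DHCP points hosts' default gateway at the VPN box.
HOST_VIA_VPN = [(LAN, "direct"), ("0.0.0.0/0", VPN_HOST)]
```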