Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?
On Wed, Apr 4, 2018 at 3:18 PM, geviszwrote: > A friend of mine asked me to recommend him an open-source > VPN-server for Linux but unfortunately I never used one. > If not https://www.wireguard.com/, I recommend OpenVPN. You could try to set up IPsec if you wanted. > After some googling, I have found OpenVPN but do not know > if it is the best choice that suits his purposes, namely to access > local network that does not have its own fixed IP from the outside. > > To be more precise: the local network to be accessed to from the > outside is part of another local network. The latter (outer) network > has its own fixed IP but the former (inner) network gets its IP via DHCP. > So, it is impossible to connect to a computer in the inner network > from the outside directly. > > The computer in local network to be connected runs Windows. > The said friend of mine have tried to run some VPN server from > Windows but it somehow hangs the "inner" computer when > his "outer" computer has problems connecting to the Internet. > > So, now his idea is > 1) to run a virtual machine in the "inner" (Windows) computer, > 2) to install into this virtual machine very lightweight Linux server > only to run in it a VPN-server that should help him to connect > from the outside to the "inner" host (Windows) computer, which > has its fixed IP within the inner local network. > I'm not sure this makes sense. Firstly, in the case of OpenVPN at least, there is a Windows client and associated signed fake network device drivers. Perhaps if using Wireguard you might want to connect through a VM to your VPN; I am not sure if there is a Windows client. Secondly - you need the VPN server to be running on a computer which is globally accessible. If your friend is in the US or some parts of Europe their home line may not be behind NAT, and would work if set up properly. In general most networks you connect to will not work. You will always need one computer which is not behind NAT. Cheers, R0b0t1
Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?
On Wednesday, 4 April 2018 23:02:20 BST Grant Taylor wrote: > On 04/04/2018 02:18 PM, gevisz wrote: > > A friend of mine asked me to recommend him an open-source VPN-server > > for Linux but unfortunately I never used one. > > That's a loaded ask. > > > After some googling, I have found OpenVPN but do not know if it is the > > best choice that suits his purposes, namely to access local network that > > does not have its own fixed IP from the outside. > > Okay This may be solvable, if the public facing gateway can be configured to forward the requisite ports/protocols to the LAN where the host is located. > > To be more precise: the local network to be accessed to from the outside > > is part of another local network. The latter (outer) network has its > > own fixed IP but the former (inner) network gets its IP via DHCP. So, > > it is impossible to connect to a computer in the inner network from the > > outside directly. > > Is this toplolgy accurate? > > (Client)---(Internet)---(OR)---(IR)---(Host) The OR can port forward the incoming VPN connection to the IR. The IR can then act as a VPN gateway for the inner LAN. > I'm guessing that your friend (client) wants to access something (host) > on the inner network. But to do so requires passing through the > Internet through Outer Router (with a static IP on the outside (left)) > and through the Inner Router (which has a dynamic IP on the outside > (left) obtained via DHCP)). Is that correct? > > What sort of control does your friend have on the OR & IR? > > Is NAT in use on either OR or IR? > > What sort of > > > The computer in local network to be connected runs Windows. The said > > friend of mine have tried to run some VPN server from Windows but it > > somehow hangs the "inner" computer when his "outer" computer has problems > > connecting to the Internet. > > Are you saying that the Host in the diagram above is running Windows? > Or are you referring to a different system? > > > So, now his idea is > > 1) to run a virtual machine in the "inner" (Windows) computer, > > 2) to install into this virtual machine very lightweight Linux server > > only to run in it a VPN-server that should help him to connect from the > > outside to the "inner" host (Windows) computer, which has its fixed IP > > within the inner local network. > > The VM may or may not be needed. > > Assuming that NAT is in play on OR and IR (worst case), then just about > /any/ form of VPN initiating from the outside will be fraught with > uphill battles. > > It is likely possible that your friend can reconfigure both OR and IR to > forward a port from the Internet to Host. But that will likely mean > that IR will need to have a static IP on it's outside interface. - I'm > guessing this can't be done or that it would have already been done. > > I think that your friend's best bet is to have the IR initiate an > outbound VPN to something on the Internet that the Client can then > initate connections to. (I'm happily using a $5/month Linode VPS to do > this.) > > There may be ways to make this work without having the Host initiate > outbound connections, but I'm not sure what they would be. > > As for which VPN, a number of people like OpenVPN. I personally prefer > OpenSSH's ability to do a routed (L3) (or bridged L2) VPN. (I've got > SSH exposed already, so it's one less port to expose.) I see a number > of people bragging about WireGuard. Of course there are the old PPTP / > L2TP / IPSec, though I would avoid them for this install. I'm sure > there are a number of other VPN technologies that I'm not thinking of. PPTP has been insecure for years and best be avoided. L2TP within IPSec is OK, but check what crypto the MSWindows uses. Last time I looked Win7 was not strong enough. IKEv2 + IPSec with strong crypto for both, is my personal preference for gateway-to-gateway VPNs. MSWindows also has SSTP (because MSoft had to create their own clone of OpenVPN). I think there's a Linux VPN client which will work with that: net-misc/sstp-client but have never tried it. Of course, if the above network topology suggested by Grant is correct, then you will likely be limited by whatever VPN software comes with IR. In all cases, make sure you use TLS RSA/SHA2 certificates for both client and VPN gateway authentication. Finally, check out Wireguard. It was designed from the ground up to overcome the complexity of previous VPN solutions. I have not tried it out yet, but will be next time I have to set up a VPN tunnel with a non-legacy router. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] sddm no longer working
On 04/04/18 23:14, Alexander Puchmayr wrote: > Hi there, > > After last update, on one machine sddm-0.17.0-r1 no longer does not anything > anymore. Systemd starts the service, and systemctl status shows that the sddm > is running, and also ps jax shows a running sddm. > > apollo ~ # systemctl status sddm > ● sddm.service - Simple Desktop Display Manager >Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: > disabled) >Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago > Docs: man:sddm(1) >man:sddm.conf(5) > Main PID: 8350 (sddm) >CGroup: /system.slice/sddm.service >└─8350 /usr/bin/sddm > > Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager. > Apr 04 16:41:28 apollo sddm[8350]: Initializing... > Apr 04 16:41:28 apollo sddm[8350]: Logind interface found > Apr 04 16:41:28 apollo sddm[8350]: Starting... > > But thats all. It does not create a log file (/var/log/sddm.log not touched, > no > entry), it does not start X (no process). It seems like sddm is starting and > waiting for something I don't know. > > Any ideas? > > Thanks, > Alex > > Had something similar (non-systemd) - make sure you complete all the X updates, run revdep-rebuild and then re-emerge sddm. BillK
Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?
On 04/04/2018 02:18 PM, gevisz wrote: A friend of mine asked me to recommend him an open-source VPN-server for Linux but unfortunately I never used one. That's a loaded ask. After some googling, I have found OpenVPN but do not know if it is the best choice that suits his purposes, namely to access local network that does not have its own fixed IP from the outside. Okay To be more precise: the local network to be accessed to from the outside is part of another local network. The latter (outer) network has its own fixed IP but the former (inner) network gets its IP via DHCP. So, it is impossible to connect to a computer in the inner network from the outside directly. Is this toplolgy accurate? (Client)---(Internet)---(OR)---(IR)---(Host) I'm guessing that your friend (client) wants to access something (host) on the inner network. But to do so requires passing through the Internet through Outer Router (with a static IP on the outside (left)) and through the Inner Router (which has a dynamic IP on the outside (left) obtained via DHCP)). Is that correct? What sort of control does your friend have on the OR & IR? Is NAT in use on either OR or IR? What sort of The computer in local network to be connected runs Windows. The said friend of mine have tried to run some VPN server from Windows but it somehow hangs the "inner" computer when his "outer" computer has problems connecting to the Internet. Are you saying that the Host in the diagram above is running Windows? Or are you referring to a different system? So, now his idea is 1) to run a virtual machine in the "inner" (Windows) computer, 2) to install into this virtual machine very lightweight Linux server only to run in it a VPN-server that should help him to connect from the outside to the "inner" host (Windows) computer, which has its fixed IP within the inner local network. The VM may or may not be needed. Assuming that NAT is in play on OR and IR (worst case), then just about /any/ form of VPN initiating from the outside will be fraught with uphill battles. It is likely possible that your friend can reconfigure both OR and IR to forward a port from the Internet to Host. But that will likely mean that IR will need to have a static IP on it's outside interface. - I'm guessing this can't be done or that it would have already been done. I think that your friend's best bet is to have the IR initiate an outbound VPN to something on the Internet that the Client can then initate connections to. (I'm happily using a $5/month Linode VPS to do this.) There may be ways to make this work without having the Host initiate outbound connections, but I'm not sure what they would be. As for which VPN, a number of people like OpenVPN. I personally prefer OpenSSH's ability to do a routed (L3) (or bridged L2) VPN. (I've got SSH exposed already, so it's one less port to expose.) I see a number of people bragging about WireGuard. Of course there are the old PPTP / L2TP / IPSec, though I would avoid them for this install. I'm sure there are a number of other VPN technologies that I'm not thinking of. I'm using OpenSSH's VPN feature between an inside client machine to an external Linode VPS that functions as a midway rondevu point. -- Grant. . . . unix || die
[gentoo-user] [OT] What is the best open-source VPN server for Linux?
A friend of mine asked me to recommend him an open-source VPN-server for Linux but unfortunately I never used one. After some googling, I have found OpenVPN but do not know if it is the best choice that suits his purposes, namely to access local network that does not have its own fixed IP from the outside. To be more precise: the local network to be accessed to from the outside is part of another local network. The latter (outer) network has its own fixed IP but the former (inner) network gets its IP via DHCP. So, it is impossible to connect to a computer in the inner network from the outside directly. The computer in local network to be connected runs Windows. The said friend of mine have tried to run some VPN server from Windows but it somehow hangs the "inner" computer when his "outer" computer has problems connecting to the Internet. So, now his idea is 1) to run a virtual machine in the "inner" (Windows) computer, 2) to install into this virtual machine very lightweight Linux server only to run in it a VPN-server that should help him to connect from the outside to the "inner" host (Windows) computer, which has its fixed IP within the inner local network. Thank you for advance and sorry for a bit of offtopic.
Re: [gentoo-user] Re: Firefox and addons no longer supported question
On 02/04/18 21:50, Philip Webb wrote: 180402 Dale wrote: After each period at the end of a sentence, I put in two spaces, not one. Something I was taught years ago somewhere and still do. I only put one after a comma tho. That is correct professional secretarial style, which I always follow too. I was taught to always start every paragraph with an indent. Which I believe is against "professional secretarial style". Different horses, different courses. I believe the indent was dropped to save a keystroke, so why the double-space is there (requiring an extra keystroke) I don't know. And why use secretarial style when you're typesetting? One is for letters, the other is typically for books ... that's the trouble with all this Artificial Stupidity - it blindly enforces rules that are irrelevant (or even wrong!!!) for the current scenario. Cheers, Wol
Re: [gentoo-user] sddm no longer working
Am Mittwoch, 4. April 2018, 17:20:17 CEST schrieb Jack: > On 2018.04.04 11:14, Alexander Puchmayr wrote: > > Hi there, > > > > After last update, on one machine sddm-0.17.0-r1 no longer does not > > anything anymore. Systemd starts the service, and systemctl status > > shows that the sddm is running, and also ps jax shows a running sddm. > > > > apollo ~ # systemctl status sddm > > ● sddm.service - Simple Desktop Display Manager > > > >Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor > > > > preset: disabled) > > > >Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago > > > > Docs: man:sddm(1) > > > >man:sddm.conf(5) > > > > Main PID: 8350 (sddm) > > > >CGroup: /system.slice/sddm.service > > > >└─8350 /usr/bin/sddm > > > > Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display > > Manager. > > Apr 04 16:41:28 apollo sddm[8350]: Initializing... > > Apr 04 16:41:28 apollo sddm[8350]: Logind interface found > > Apr 04 16:41:28 apollo sddm[8350]: Starting... > > > > But thats all. It does not create a log file (/var/log/sddm.log not > > touched, no entry), it does not start X (no process). It seems like > > sddm is starting and waiting for something I don't know. > > > > Any ideas? > > > > Thanks, > > > > Alex > > Can you start X manually? Is there anything relevant in > /var/log/Xorg.0.log? Yes, I can start X manually, and it seems to work. But sddm does not even start X. > Are all sddm config files OK? I think so. They look the same as before the update (where it worked fine) Alex
Re: [gentoo-user] sddm no longer working
On 2018.04.04 11:14, Alexander Puchmayr wrote: Hi there, After last update, on one machine sddm-0.17.0-r1 no longer does not anything anymore. Systemd starts the service, and systemctl status shows that the sddm is running, and also ps jax shows a running sddm. apollo ~ # systemctl status sddm ● sddm.service - Simple Desktop Display Manager Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago Docs: man:sddm(1) man:sddm.conf(5) Main PID: 8350 (sddm) CGroup: /system.slice/sddm.service └─8350 /usr/bin/sddm Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager. Apr 04 16:41:28 apollo sddm[8350]: Initializing... Apr 04 16:41:28 apollo sddm[8350]: Logind interface found Apr 04 16:41:28 apollo sddm[8350]: Starting... But thats all. It does not create a log file (/var/log/sddm.log not touched, no entry), it does not start X (no process). It seems like sddm is starting and waiting for something I don't know. Any ideas? Thanks, Alex Can you start X manually? Is there anything relevant in /var/log/Xorg.0.log? Are all sddm config files OK?
[gentoo-user] sddm no longer working
Hi there, After last update, on one machine sddm-0.17.0-r1 no longer does not anything anymore. Systemd starts the service, and systemctl status shows that the sddm is running, and also ps jax shows a running sddm. apollo ~ # systemctl status sddm ● sddm.service - Simple Desktop Display Manager Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago Docs: man:sddm(1) man:sddm.conf(5) Main PID: 8350 (sddm) CGroup: /system.slice/sddm.service └─8350 /usr/bin/sddm Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager. Apr 04 16:41:28 apollo sddm[8350]: Initializing... Apr 04 16:41:28 apollo sddm[8350]: Logind interface found Apr 04 16:41:28 apollo sddm[8350]: Starting... But thats all. It does not create a log file (/var/log/sddm.log not touched, no entry), it does not start X (no process). It seems like sddm is starting and waiting for something I don't know. Any ideas? Thanks, Alex