On Sun, Aug 18, 2013 at 04:29:16PM -0600, Bob Proulx wrote:
> Your vpn will be connected to the public address. It will establish a
> private address for the encrypted traffic.

Yes, except that it's a public address I'm actually after. More below.

I wrote:
> > I want to have the ability to connect to the VPS, and give a client
> > (gnu/linux, or windows) a static IP address through the VPS.

Maybe I should have been more explicit. I want to have the ability to
connect to the VPS, and give a client (gnu/linux, or windows) a publicly
routable static IP address through the VPS from the /29 subnet.

So, for example let's say I'm somewhere with my laptop, and am connecting
from somewhere to the internet. This somewhere would likely be using
dynamic public addresses, and I may want to have my machine reachable
directly over the internet from this somewhere location. If the dynamic
address I'm assigned while connecting from somewhere is 10.0.0.1, I want
to be able to connect to the VPS from somewhere, and get it to assign my
laptop a 192.168.1.2 address from that /29 subnet, which in reality is a
publicly routable static IP address.

One could say I'm turning the VPN concept on its head somewhat, though
the scenario I'm describing is still a VPN, but having one endpoint which
is publicly routable. I hope that makes more sense.

> The "through the VPS" words confuse me. A vpn client will have a
> private address on the client assigned to it. It will use it to
> connect to the private address on the server. Is that "through the
> VPS"? It is "to the VPS" certainly.

The scenario I proposed above requires the laptop to connect to the VPS
to get the static public address. Any traffic the laptop sends/receives
with that address will be routed through the VPS. So, the connection is
both to, as well as through the VPS.

> It seems to me that you want private addresses. Otherwise how will
> you have a vpn? If you have public addresses then the communication
> will be public. If you want private communication then the addresses
> must need be private addresses.

In the typical VPN scenario this is correct.
What I actually want is endpoints where each endpoint has public and
private addresses. The client connects to the server (public). Using ppp
would mean that the client/server would have a private subnet to exchange
packets locally (private). One end of the ppp connection on the laptop
would be a public static IP address (public).

I'm not sure how else to explain this. If someone who understands what
I'm talking about can do a better job of explaining it, then please jump
in by all means.

> What is ppp doing for you?
>
> I am used to ppp driving the modem, dialing the phone, setting up
> addresses, adding routing information to the kernel route tables, and
> cleaning all up after hanging up the phone. Sure. But doesn't
> openvpn do all of that function for you? Using the network components
> with no phone of course. What is openvpn not doing that you would
> have ppp do?

Ppp is the transport over which the packets flow. It can be encapsulated
in other transports: direct serial to serial, ssh, l2tp ... Ppp forms a
/32 subnet between the client/server. This subnet has a local and remote
address on both ends. In the scenario I'm proposing, the local address on
the server is a private one, and the remote is public. On the client
side, the local address is public, and the remote is private. This is
something openvpn seems to be unable to do as far as I can tell.

Greg

--
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

--
Free domains: http://www.eu.org/ or mail dns-mana...@eu.org