Hi all.
This is an update to the thread originally started at:
http://lists.debian.org/debian-user/2013/08/msg00718.html
I won't give a summary here, the above URL can give the full story. To
recap briefly though, I ended up using NAT to route a public address
from my /29 subnet on my VPS to a
On 10/25/13, Gregory Nowak g...@gregn.net wrote:
This is an update to the thread originally started at:
http://lists.debian.org/debian-user/2013/08/msg00718.html
To recap briefly though, I ended up using NAT to route a public
address from my /29 subnet on my VPS to a private IP address
Ok. In case others besides Zenaan are interested, here is what I did
to get openvpn going, and to allow my laptop to get a public IP
address through openvpn from the /29 block of public addresses
allocated to me from my VPS provider. This setup works for my needs,
your mileage may vary as they
Hi Gregory,
Gregory Nowak wrote:
The public address assigned to the laptop would actually be
configured on the VPS,
Hmm... No. Sorry. Doesn't make sense. The public address assigned
to the laptop would probably be yet another private address behind a
NAT somewhere.
Ok, some
Gregory Nowak wrote:
In addition to this, I have iptables rules using the nat table,
which take traffic which has the laptop's public address as
destination, and do DNAT on it, changing the destination address to
be the laptop's private address. I also have a rule doing the
reverse. This rule
On Fri, Aug 23, 2013 at 12:36:58PM +, Bonno Bloksma wrote:
I have been following this and I think it is getting clear what you are doing
but I have lost what the problem is we are trying to resolve.
If I understand it right your setup is something like:
VPS has network 1.2.3.0/24
On Fri, Aug 23, 2013 at 11:16:12AM -0600, Bob Proulx wrote:
The device will still have an ethernet address whether you assigned
one to it or not. It is not necessary for you to assign one since one
has already been assigned by default. (From the vendor. Or in the
case of virtual hardware
Gregory Nowak wrote:
Bob Proulx wrote:
The device will still have an ethernet address whether you assigned
one to it or not. It is not necessary for you to assign one since one
has already been assigned by default. (From the vendor. Or in the
case of virtual hardware from the software
On Fri, Aug 23, 2013 at 04:54:46PM -0600, Bob Proulx wrote:
Uhm... Yes.
# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Silly bear! That is the tun device. Never tunnel the tun device.
The above is from the VPS, with the openvpn
On 8/24/13, Bob Proulx b...@proulx.com wrote:
Gregory Nowak wrote:
Bob Proulx wrote:
The device will still have an ethernet address whether you assigned
one to it or not. It is not necessary for you to assign one since one
has already been assigned by default. (From the vendor. Or in
On 8/24/13, Zenaan Harkness z...@freedbms.net wrote:
On 8/24/13, Bob Proulx b...@proulx.com wrote:
Right. Which does not have anything to do with the way proxy arp is
set up.
I thought this over again with my brain fresher in the afternoon than
it was last night, and you are right, it would
On 8/24/13, Gregory Nowak g...@gregn.net wrote:
As I already said, everything is working. The problem is solved. If
there is interest, I can paste the openvpn configs from server/client,
and the interfaces file with relevant iptables rules from the server
to show how I'm doing what I'm doing.
On Sat, Aug 24, 2013 at 12:44:28PM +1000, Zenaan Harkness wrote:
Whether or not using proxy arp, I recommend using tap device. I
believe there is a little more overhead with tun (higher in the
stack), _especially_ given you want to forward everything, ie DNAT and
SNAT. tun buys nothing but
On Sat, Aug 24, 2013 at 12:48:26PM +1000, Zenaan Harkness wrote:
Bob, your link http://shorewall.net/ProxyARP.htm is
great! Easy to read.
Yes, I meant to mention that. It does a good job of providing a
general explanation of proxy ARP indeed.
Greg
--
web site: http://www.gregn..net
gpg
On Sat, Aug 24, 2013 at 12:57:18PM +1000, Zenaan Harkness wrote:
Yes please! BUT: probably sanitize (obfuscate) your public, and
isp-provided, ip addresses, if there is any likelihood of the
existence of your particular VPN being of interest to an adversary.
Of course. I'll probably do that in
Gregory Nowak wrote:
Yes. So from all this, what I said still stands. The laptop would get
a private address from the VPN.
Yes.
The public address assigned to the laptop would actualy be
configured on the VPS,
Hmm... No. Sorry. Doesn't make sense. The public address assigned
to the
On Thu, Aug 22, 2013 at 04:16:13PM -0600, Bob Proulx wrote:
Gregory Nowak wrote:
The public address assigned to the laptop would actualy be
configured on the VPS,
Hmm... No. Sorry. Doesn't make sense. The public address assigned
to the laptop would probably be yet another private
On Mon, Aug 19, 2013 at 01:07:06PM +1000, Zenaan Harkness wrote:
I wrote:
actually want is to give one ip address out of that /29 to the
laptop. The laptop is an endpoint in itself. It doesn't have any other
You need to question yourself, imagine an isolated network of three computers:
A -
On 8/19/13, Gregory Nowak g...@gregn.net wrote:
On Mon, Aug 19, 2013 at 01:07:06PM +1000, Zenaan Harkness wrote:
I wrote:
actually want is to give one ip address out of that /29 to the
laptop. The laptop is an endpoint in itself. It doesn't have any other
You need to question yourself,
On Mon, Aug 19, 2013 at 06:27:58PM +1000, Zenaan Harkness wrote:
Read again this part of the OpenVPN man page which you pasted:
the proper usage of --ifconfig is to use two private
IP addresses which are not a member of any existing
subnet which is in use
Notice two private IP addresses,
Gregory Nowak wrote:
Since attempting to establish an ipsec connection is one of the two
things so far that crashes my VPS (earlier thread on this
list),
Ouch!
I've been looking at other alternatives for possible
workarounds. Let me backup, and describe what I want to do.
I have a
On Sun, Aug 18, 2013 at 04:29:16PM -0600, Bob Proulx wrote:
Your vpn will be connected to the public address. It will establish a
private address for the encrypted traffic.
Yes, except that it's a public address I'm actually after. More below.
I wrote:
I want to have the ability to connect
On 8/19/13, Gregory Nowak g...@gregn.net wrote:
On Sun, Aug 18, 2013 at 04:29:16PM -0600, Bob Proulx wrote:
Your vpn will be connected to the public address. It will establish a
private address for the encrypted traffic.
Yes, except that it's a public address I'm actually after. More below.
Sometimes it is easy to be unintentionally ambiguous.
I shall clarify a couple things below...
On 8/19/13, Zenaan Harkness z...@freedbms.net wrote:
On 8/19/13, Gregory Nowak g...@gregn.net wrote:
On Sun, Aug 18, 2013 at 04:29:16PM -0600, Bob Proulx wrote:
Your vpn will be connected to the
On Mon, Aug 19, 2013 at 10:26:14AM +1000, Zenaan Harkness wrote:
The key I think is the word routable which you use.
Yes, exactly.
After a successful VPN setup, your VPS becomes analogous to your home
internet modem router - the router has a public address dedicated to
_all_ of your home
On 8/19/13, Gregory Nowak g...@gregn.net wrote:
On Mon, Aug 19, 2013 at 10:26:14AM +1000, Zenaan Harkness wrote:
The key I think is the word routable which you use.
Yes, exactly.
After a successful VPN setup, your VPS becomes analogous to your home
internet modem router - the router has a
26 matches
Mail list logo