VPN - some basic questions

Discussion in 'privacy technology' started by Sully, Mar 11, 2013.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hello all.

    I dabbled with IPsec years ago, and have used hamachi/tunngle/lanbridger and more recently ntop's n2n. I was experimenting mainly. Recently though I have a need to implement a VPN, and to be honest don't understand the model.

    So for those that use it a lot, what is the topology?

    That is, if we suppose:

    Machine A hosts the server in lan 192.168
    Machine B in remote lan 10.2 joins machine A

    Will machine A resources (shares) be visible to machine B? Or, is machine A just the gateway to connect clients?

    If that is true, then I would assume that:

    Machine A hosts server in lan 192.168
    Machine B in lan 192.168 connects to machine A as client
    Machine C in remote lan 10.2 connects to machine A

    Now, machine B and C can see each other's resources, but machine A, as the gateway or keeper of the paths/routes, really has no play at all.

    I understand the difference between TAP and TUN, and have messed with both with n2n. I don't know which I need specifically.

    The scenario is:
    NAS box at location A
    Remote computer at location B

    Remote location needs to open a file (spreadsheet) that resides on NAS box. Not copy/download to the remote client, but actually open it as if it were in the same lan. With n2n I can do this, but not with the NAS, with a computer.

    The NAS has the ability in the latest OS to use OpenVPN as client or server. I have tried a few different times, but don't think I know what is going on. Funny, this is a simple question IMO, but there is no answer I have seen at the OpenVPN website. I could have missed it of course, but I would have thought it would have been one of the very first basic questions.

    Thanks for any help.

    Sul.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    OpenVPN is highly configurable, so there are no straightforward answers to your questions. What I've found useful is just perusing the man page, and reading briefly what each configuration option does.

    You could also install their Access Server as a VMware VM, or as an instance on AWS. The software is free, and comes with two client licenses. Additional client licenses are rather inexpensive. It has a very user-friendly web GUI. There are settings to control what each client can access.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Thanks for the info. Wasn't aware of the access software.

    I don't understand though why such a simple question is not answered up front. I would think many people would have the same question. Either the server's resources can be made available or they cannot. Seems black and white to me, but after another hour or more of reading, still no answer. Strange.

    Sul.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I believe most of us here just use VPNs in client mode, connecting to foreign servers for internet-only access. I've used them for years, *could* set up my own, on a box, or in my router...but never have. I just use TeamViewer or Hamachi for traditional "resource access" from abroad. Good questions, but I'm of no help in your case.

    PD
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    A little googling tells me that OpenVPN servers can share folders on tunnel networks. I'm mostly familiar with VPN services, and providers tend to not do that ;)

    You could also run the VPN server on a router. The router could be a VM, bridged to get its own LAN IP. But maybe that's overkill.

    Edit: I realize that the second idea is unworkable for a NAS box.
     
    Last edited: Mar 12, 2013
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ends up much easier than I expected. The VPN server is a part of the network really. While it is a server in the sense that it handles the authentication and negotiation, if it has file shares, those are available within the VPN.

    In my case my NAS box has an OpenVPN package. I just needed to understand what was happening. Turns out, with a little bit of manipulation, I have a custom port to use and once I log in, I just have to put the IP of the NAS box in the run box (i.e. \\1.2.3.4) and it is pretty much normal, just like at work. It does exactly what I wanted it to.

    I was messing with setting up my own openvpn server, but to be brutally honest, the documentation for doing that is terrible. I'm no stranger to hardcore geek things, but I didn't know what they were talking about. Well, I should rephrase that. In order to create the keys etc, you need the easy-rsa batch files. That is what I had no idea what they were talking about, as the instructions to install that (it is now a modular component) were not clear.

    So I bagged creating my own certs and such. Ends up I did not need to, although I really would have liked to have gotten more in-depth just to learn.

    Thanks for the replies guys.

    Sul.
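
The topology worked out in the post above, as an added example that is not part of the original thread and is not the NAS package's own configuration: a routed (TUN) OpenVPN server on Machine A plus a matching client. All addresses, the hostname and the file names are constructed placeholders.

```conf
# Constructed example. Addresses follow the thread's 192.168 / 10.2 LANs
# and are placeholders, as are the hostname and file names.

# --- server.conf on Machine A (the box that also holds the shares) ---
port 1194
proto udp
# Routed layer-3 tunnel. "dev tap" would bridge layer 2 instead.
dev tun
topology subnet
# Tunnel network; the server itself takes 10.8.0.1.
server 10.8.0.0 255.255.255.0
# Certificates and keys, e.g. generated with easy-rsa.
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Machine A's own shares are reachable at its tunnel address (\\10.8.0.1)
# as soon as a client connects; no extra directive is needed for that.

# Optional: also expose the rest of Machine A's LAN to clients.
# Needs IP forwarding on A and a return route (or NAT) on the LAN side.
;push "route 192.168.1.0 255.255.255.0"

# Optional: let clients B and C reach each other through the server.
# Without it OpenVPN does not forward traffic between clients itself.
;client-to-client

keepalive 10 120
persist-key
persist-tun

# --- client.ovpn on Machine B or C ---
client
dev tun
proto udp
# Placeholder hostname for Machine A's public address and port.
remote vpn.example.net 1194
ca   ca.crt
cert client.crt
key  client.key
# Reject peers that do not present a server certificate.
remote-cert-tls server
```

Port 1194 is OpenVPN's default; a custom port only changes the `port` line and the client's `remote` line.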
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Good :) Sorry if I added to the confusion.

    Yes, certificate and key infrastructure is blindingly complicated.

    If you ever want to play, do try out the free OpenVPN Access Server package. It's totally web-GUI and very user-friendly.
     
  8. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    If 2 PCs are connecting to a home network, 1 doing normal surfing (no VPN) and the other heavily torrenting through a VPN...

    what will the ISP see?

    Is it anonymous?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, that is a basic question, but you just hijacked Sully's thread ;)

    I'm not sure what you mean by "anonymous".

    The ISP will see everything about your non-VPN surfing, except what you do via HTTPS connections.

    The ISP will see encrypted traffic with the VPN server. From the proportion and timing of incoming and outgoing packets, it may deduce that you're torrenting. But it will have no clue what you're torrenting, except what it might deduce about file sizes.

    Other clients in the torrent swarms will see your VPN exit IP address, not your ISP-assigned IP address.
     
  10. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I see... so an ISP can still throttle the bandwidth even when one is on a VPN?
     
  11. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Apologies to Sully :D
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Yes, of course it could. Indeed, it could throttle only VPN traffic ;)

    But the issue is having a defensible reason for throttling. Maybe you're just torrenting open-source software. It couldn't really tell.

    It could throttle just for excessive throughput.
     
  13. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    So what do you suggest to remain anonymous if 2 PCs are connecting to a single network?

    Would a VPN service be sufficient?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    What do you mean by "anonymous"?

    From whom?

    About what?
     
  15. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380

    More towards the ISP
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    NP. I always know what thread to search for if this one develops some good information ;)

    Sul.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, you can't be anonymous to the ISP without also being anonymous to whoever is paying for it ;)

    If you're using a VPN service, the ISP doesn't know what you're connecting to on the Internet. The VPN provider might tell them, of course. But I doubt that would happen, unless you were causing serious problems for both of them.

    But still, I wouldn't call that anonymous. The ISP knows who you are. They just don't know what you're doing, except for what they can deduce from traffic patterns.
     
  18. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380

    Noted your inputs. :thumb:
     