VPN - some basic questions

Hello all.

I dabbled with ipsec years ago, and have used hamachi/tunngle/lanbridger and more recently ntops n2n. I was experimenting mainly. Recently though I have a need to implement a VPN, and to be honest don't understand the model.

So for those that use it a lot, what is the topology?

That is, if we suppose:

Machine A hosts the server in lan 192.168
Machine B in remote lan 10.2 joins machine A

Will machine A resources (shares) be visible to machine B? Or, is machine A just the gateway to connect clients?

If that is true, then I would assume that:

Machine A hosts server in lan 192.168
Machine B in lan 192.168 connects to machine A as client
Machine C in remote lan 10.2 connects to machine A

Now, machine B and C can see the others resources, but machine A, as the gateway or keeper of the paths/routes, really has no play at all.

I understand the difference between TAP and TUN, and have messed with both with n2n. I don't know which I need specifically.

The scenario is:
NAS box at location A
Remote computer at location B

Remote location needs to open a file (spreadsheet) that resides on NAS box. Not copy/download to the remote client, but actually open it as if it were in the same lan. With n2n I can do this, but not with the NAS, with a computer.

The NAS has the ability in the latest OS to use OpenVPN as client or server. I have tried a few different times, but don't think I know what is going on. Funny, this is a simple question IMO, but there is no answer I have seen at the OpenVPN website. I could have missed it of course, but I would have thought it would have been one of the very first basic questions.

Thanks for any help.

Sul.

 

OpenVPN is highly configurable, so there are no straightforward answers to your questions. What I've found useful is just perusing the man page, and reading briefly what each configuration option does.

You could also install their Access Server as a VMware VM, or as an instance on AWS. The software is free, and comes with two client licenses. Additional client licenses are rather inexpensive. It has a very user-friendly web GUI. There are settings to control what each client can access.

 

Thanks for the info. Wasn't aware of the access software.

I don't understand though why such a simple question is not answered up front. I would think many people would have the same question. Either the servers resources can be made available or they cannot. Seems black and white to me, but after another hour or more of reading, still no answer. Strange.

Sul.

 

I believe most of us here just use VPNs in client mode, connecting to foreign servers for internet only access. I've used them for years, *could* set up my own, on a box, or in my router...but never have. I just use TeamViewer or Hamachi for traditional "resource access" from abroad. Good questions, but I'm of no help in your case.

PD

 

A little googling tells me that OpenVPN servers can share folders on tunnel networks. I'm mostly familiar with VPN services, and providers tend to not do that

You could also run the VPN server on a router. The router could be a VM, bridged to get its own LAN IP. But maybe that's overkill.

Edit: I realize that the second idea is unworkable for a NAS box.

 

Ends up much easier than I expected. The VPN server is a part of the network really. While it is a server in the sense that it handles the authentication and negotiation, if it has file shares, those are available within the VPN.

In my case my NAS box has an openvpn package. I just needed to understand what was happening. Turns out, with a little bit of manipulation, I have a custom port to use and once I login, I just have to put the ip of the nas box in the run box (ie. \\1.2.3.4) and it is pretty much normal, just like at work. It does exactly what I wanted it to.

I was messing with setting up my own openvpn server, but to be brutally honest, the documentation for doing that is terrible. I'm no stranger to hardcore geek things, but I didn't know what they were talking about. Well, I should rephrase that. In order to create the keys etc, you need the easy-rsa batch files. That is what I had no idea what they were talking about, as the instructions to install that (it is now a modular component) were not clear.

So I bagged creating my own certs and such. Ends up I did not need to, although I really would have liked to gotten more in-depth just to learn.

Thanks for the replies guys.

Sul.

 

Good Sorry if I added to the confusion.

Yes, certificate and key infrastructure is blindingly complicated.

If you ever want to play, do try out the free OpenVPN Access Server package. It's totally web-GUI and very user-friendly.

 

if 2 Pcs connecting to a home network, 1 normal surfing(no VPN) and the other heavily torrenting through VPN..

what will the ISP see?

Is it anonymous?

 

Well, that is a basic question, but you just hijacked Sully's thread

I'm not sure what you mean by "anonymous".

The ISP will see everything about your non-VPN surfing, except what you do via HTTPS connections.

The ISP will see encrypted traffic with the VPN server. From the proportion and timing of incoming and outgoing packets, it may deduce that you're torrenting. But it will have no clue what you're torrenting, except what it might deduce about files sizes.

Other clients in the torrent swarms will see your VPN exit IP address, not your ISP-assigned IP address.

 

i see.... so an ISP can still throttle the bandwidth even when one on VPN?

 

apologies to Sully

 

Yes, of course it could. Indeed, it could throttle only VPN traffic

But the issue is having a defensible reason for throttling. Maybe you're just torrenting open-source software. It couldn't really tell.

It could throttle just for excessive throughput.

 

so what do u suggest to remain anonymous if 2 PCs connecting to a single network?

would a VPN services be sufficient?

 

What do you mean by "anonymous"?

From whom?

About what?

 

more towards ISP

 

NP. I always know what thread to search for if this one develops some good information

Sul.

 

Well, you can't be anonymous to the ISP without also being anonymous to whomever is paying for it

If you're using a VPN service, the ISP doesn't know what you're connecting to on the Internet. The VPN provider might tell them, of course. But I doubt that would happen, unless you were causing serious problems for both of them.

But still, I wouldn't call that anonymous. The ISP knows who you are. They just don't know what you're doing, except for what they can deduce from traffic patterns.

 

noted your inputs.