[colug-432] bridging OpenVPN into my LAN

Rick Troth rmt at casita.net
Mon Jul 27 10:53:56 EDT 2015


So ... that could be the ideal resolution, but I see it forking the story.
What I mean is, I have some motivation to retain the same antiquated
IPv4 /24 that is embedded in too many home thingies. There is mental
momentum to use the same IPv6 /48 that I got from SixXS (now four years
ago, and works great, and does not usually require VPN).

If I get IPv6 via OpenVPN, then I am assured of some kind of IPv6
connectivity (even when a hotel WiFi would only dole out IPv4 leases;
stuff like that).

If I use IPv6 via OpenVPN, do I dedicate one of my personal IPv6 /64
networks to it? (Long story on what IPv6 personal is, why one would want
such, how one gets such, and possibly registering it.) Or do I attempt
to re-use my /48 via the tunnel?

What can you (Jim, or anyone) say about using multiple IPv6 addresses on
the same interface? (So that my home servers are on the /48 as always
but now also reachable by private /64 via tunnel.)


On 07/27/2015 10:36 AM, Jim Wildman wrote:
> Use ipv6 instead.  This is exactly the issue that led me to start 
> using ipv6 tunnels.
>
> On Mon, 27 Jul 2015, Rick Troth wrote:
>
>> Started out this note asking about home-grown Cert Auth. Turns out that
>> OpenVPN pays attention to client versus server usage tagging in the
>> X.509 extensions. That's a GOOD thing, but I had seen so much brokenness
>> in PKI land that I ASSumed OpenVPN would be similarly careless. I feel
>> so much better now.
>>
>> Still got a little problem, though.
>>
>> With the client cert (in the Windoze OpenVPN client) and the server cert
>> (in the Linux OpenVPN server), they talk. But I'm having some trouble
>> getting the netmask right for my LAN boxes to be reachable from the
>> client. The latest go-round I used the example "server 10.8.0.0
>> 255.255.255.0" but the client winds up with a /30 netmask rather than
>> the expected /24.
>>
>> Thoughts?
>>
>> I thought I'd prefer "server-bridge" but failed with that config too.
>> (And at the moment I don't remember the details. Have been out of pocket
>> for several days.) Ideally I want the simplicity that the Win box sees
>> the same servers when mobile as it does when at home.
>>
>> This was all so easy with PPP over SSH on Linux.
>>
>> -- R; <><
>>
>>
>>
>> _______________________________________________
>> colug-432 mailing list
>> colug-432 at colug.net
>> http://lists.colug.net/mailman/listinfo/colug-432
>>
> ----------------------------------------------------------------------
> Jim Wildman, CISSP, RHCE       jim at rossberry.com http://www.rossberry.net
> "Society in every state is a blessing, but Government, even in its best
> state, is a necessary evil; in its worst state, an intolerable one."
> Thomas Paine

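Added example, not part of the original thread: a short Python sketch of where the /30 in the quoted message comes from. It assumes a `dev tun` setup with `net30`, the default topology in OpenVPN releases of that period, and compares it with `topology subnet` for the same `server 10.8.0.0 255.255.255.0` directive; the function names are hypothetical.

```python
import ipaddress

def net30_clients(network, mask, count):
    """First `count` client leases under 'topology net30' (one /30 per client)."""
    pool = ipaddress.ip_network(f"{network}/{mask}")
    blocks = list(pool.subnets(new_prefix=30))
    leases = []
    # Block 0 (.0-.3) belongs to the server: .1 local, .2 its virtual peer.
    for block in blocks[1:1 + count]:
        peer, client = block.hosts()          # a /30 has exactly two usable hosts
        leases.append({"ip": str(client), "peer": str(peer),
                       "netmask": str(block.netmask)})
    return leases

def subnet_clients(network, mask, count):
    """First `count` client leases under 'topology subnet' (one shared subnet)."""
    pool = ipaddress.ip_network(f"{network}/{mask}")
    hosts = iter(pool.hosts())
    gateway = next(hosts)                     # server takes the first host, .1
    return [{"ip": str(next(hosts)), "gateway": str(gateway),
             "netmask": str(pool.netmask)} for _ in range(count)]

if __name__ == "__main__":
    # The directive from the quoted message: server 10.8.0.0 255.255.255.0
    for name, fn in (("net30", net30_clients), ("subnet", subnet_clients)):
        for lease in fn("10.8.0.0", "255.255.255.0", 3):
            print(name, lease)
```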