Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)In search of VPN server with specific requirements


89 posts

Master Geek


# 255598 20-Aug-2019 09:19
Send private message

Hi all

Im having issues with finding a solution which ticks all my boxes.

 

Im looking for a VPN server I can install on a linux box, which does bridging mode rather than routing mode.
(Get a proper internal IP address on my network, not routed though the servers internal IP. as I have filtering and such based in IP and it doesn't work if all traffic is coming from the VPN servers IP)

 

But also works on andriod phones.

Iv tried OpenVPN and WireGuard but neither seem to support bridge & Andriod
Iv also tried SoftEther, but setting it up properly has me a little confused so not to keen on that one.

 

Id also like it if I can run it on UDP 443 to bypass some public WiFi restrictions, but thats not a requirement rather a nice to have.

 

 

 

 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
317 posts

Ultimate Geek


  # 2302445 20-Aug-2019 17:14
Send private message

OpenVPN supports bridge mode using a TAP interface.

4359 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2302446 20-Aug-2019 17:20
Send private message

I run pivpn on a pihole, which is just openvpn. Works fine. I use the openvpn for android app to connect to it.

 
 
 
 


497 posts

Ultimate Geek


  # 2302651 20-Aug-2019 22:33
Send private message

I run OpenVPN in bridging mode on my MythTV box (Ubuntu 18.04).  I have also in the past had to have it on port 22 so I could connect to it from work.  PM me if you would like help configuring it.  I have yet to change my setup from IP addresses assigned by OpenVPN to using DHCP to get the addresses directly from my router, but that should be possible.  When you use bridging, you can also get IPv6 to work without having to actually set up OpenVPN to support IPv6 as all the broadcast packets needed are automatically transferred in bridging mode.



89 posts

Master Geek


  # 2302696 21-Aug-2019 07:34
Send private message

Everyone here says OpenVPN
But when I run the android app it says "Tap mode is not supported"

So if someone could explain how to get around that?

191 posts

Master Geek

Lifetime subscriber

  # 2302752 21-Aug-2019 09:43
Send private message

pomtom44:

 

Everyone here says OpenVPN
But when I run the android app it says "Tap mode is not supported"

So if someone could explain how to get around that?

 

 

 

 

This app supports openvpn TAP on Android without root. It's not open source if that's important to you.



89 posts

Master Geek


  # 2302756 21-Aug-2019 09:50
Send private message

Resnick:

 

pomtom44:

 

Everyone here says OpenVPN
But when I run the android app it says "Tap mode is not supported"

So if someone could explain how to get around that?

 

 

 

 

This app supports openvpn TAP on Android without root. It's not open source if that's important to you.

 



I found that app, and if need be ill use it
Just not a fan of the subscription model thats attached to it, as Ill be setting it up on a few family members phones, and dont want to have to say "Hey, pay for this thing for something that im offering for free"

191 posts

Master Geek

Lifetime subscriber

  # 2302772 21-Aug-2019 09:54
Send private message

Fair enough. As @rscole86 suggested, pivpn is easy to setup and will achieve what you want without any problems. I also use it, no problems with android clients.

 
 
 
 




89 posts

Master Geek


  # 2302785 21-Aug-2019 10:07
Send private message

Resnick:

 

Fair enough. As @rscole86 suggested, pivpn is easy to setup and will achieve what you want without any problems. I also use it, no problems with android clients.

 



Doesnt that still run into the OpenVPN TAP Andriod issue though?

Im now thinking I may just have to do my firewalling on the VPN server rather than my main firewall

2952 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2302789 21-Aug-2019 10:16
Send private message

I'm not sure why TUN isn't an option, as I find issues with bridging over VPN and broadcast traffic.

 

I run OpenVPN at home and hand out DHCP addresses for the mobile clients.

 

It's routed traffic and each IP is unique and unless you need broadcast / Bonjour / mDNS then you use the Avahi in relay mode.

 

http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/

 

Or the myriad of other articles talking about how to route Bonjour / mDNS traffic between two networks.




and


191 posts

Master Geek

Lifetime subscriber

  # 2302792 21-Aug-2019 10:20
Send private message

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 



89 posts

Master Geek


  # 2302808 21-Aug-2019 10:23
Send private message

Resnick:

 

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 

 



Its less about access network services, as that would work though either bridge or routed mode (as far as im aware)
Its more about the traffic on the network having the clients IP or the servers IP

If you run in TUN mode / routing, then any traffic on the LAN side uses the LAN ip of the VPN server.
Where if you run in TAP mode / bridge, then it uses the cleints IP

And I can't do my firewalling based on client IP if all traffic is using the VPN servers IP

2952 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2302811 21-Aug-2019 10:29
One person supports this post
Send private message

pomtom44:

 

Resnick:

 

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 

 



Its less about access network services, as that would work though either bridge or routed mode (as far as im aware)
Its more about the traffic on the network having the clients IP or the servers IP

If you run in TUN mode / routing, then any traffic on the LAN side uses the LAN ip of the VPN server.
Where if you run in TAP mode / bridge, then it uses the cleints IP

And I can't do my firewalling based on client IP if all traffic is using the VPN servers IP

 

 

This isn't correct.

 

In TUN mode then there is a separate "OpenVPN" network on the internal side that all clients get a unique IP address and traffic is routed between the OpenVPN network and your internet LAN. Unless you put in a iptables firewall then there isn't anything blocking traffic in either direction when you are on the OpenVPN.

 

In TAP mode you get an IP address on the LAN network as your OpenVPN client is Layer 2 (L2) bridged to the LAN network so you get an IP Address from your LAN. This requires a lot of routing / L2 bridge trickery to work and thus typically requires more access on the client device.

 

The only thing that TUN mode has issues with is if you are using Broadcast / Multicast services such as Bonjour / mDNS for service discovery as they are in different subnets. That's where services like Avahi get around the issue. As this is no different to running two subnets on your internal LAN.




and




89 posts

Master Geek


  # 2302818 21-Aug-2019 10:35
Send private message

BarTender:

 

pomtom44:

 

Resnick:

 

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 

 



Its less about access network services, as that would work though either bridge or routed mode (as far as im aware)
Its more about the traffic on the network having the clients IP or the servers IP

If you run in TUN mode / routing, then any traffic on the LAN side uses the LAN ip of the VPN server.
Where if you run in TAP mode / bridge, then it uses the cleints IP

And I can't do my firewalling based on client IP if all traffic is using the VPN servers IP

 

 

This isn't correct.

 

In TUN mode then there is a separate "OpenVPN" network on the internal side that all clients get a unique IP address and traffic is routed between the OpenVPN network and your internet LAN. Unless you put in a iptables firewall then there isn't anything blocking traffic in either direction when you are on the OpenVPN.

 

In TAP mode you get an IP address on the LAN network as your OpenVPN client is Layer 2 (L2) bridged to the LAN network so you get an IP Address from your LAN. This requires a lot of routing / L2 bridge trickery to work and thus typically requires more access on the client device.

 

The only thing that TUN mode has issues with is if you are using Broadcast / Multicast services such as Bonjour / mDNS for service discovery as they are in different subnets. That's where services like Avahi get around the issue. As this is no different to running two subnets on your internal LAN.

 



Thats exactly what I said isnt it?

I want to run in TAP mode so the traffic on the LAN uses the Clients IP, so then I can use my current firewall to do my traffic management
Like I do for my current vlans and devices.

I can't do that on TUN mode as my firewall only sees the internal IP of my VPN server and not the client IP thats connecting.

2415 posts

Uber Geek

Lifetime subscriber

  # 2302820 21-Aug-2019 10:39
Send private message

Nope.

2952 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2302823 21-Aug-2019 10:45
Send private message

pomtom44: Thats exactly what I said isnt it?

I want to run in TAP mode so the traffic on the LAN uses the Clients IP, so then I can use my current firewall to do my traffic management
Like I do for my current vlans and devices.

I can't do that on TUN mode as my firewall only sees the internal IP of my VPN server and not the client IP thats connecting.

 

The firewall will see the IP addresses allocated in TUN mode so you can apply traffic management. It is just that the traffic will come from a different subnet rather than your current LAN subnet.

 

So in TAP mode you would have

 

Firewall 192.168.1.1 + Subnet 192.168.1.0/24 + OpenVPN Server on 192.168.1.2 and LAN IP addresses of 192.168.1.10-50 and VPN IP addresses 192.168.1.200-192.168.1.210

 

Or something like that. The issue is the client to dish out the IPs is a lot more complicated

 

In TUN mode you would have:

 

Firewall 192.168.1.1 + Subnet 192.168.1.0/24 + OpenVPN Server on 192.168.1.2 and LAN IP addresses of 192.168.1.10-50

 

Then you would also have a network route on the Firewall for 192.168.2.0/24 via 192.168.1.2

 

OpenVPN would have the TUN interface on 192.168.2.1 and hand out IP Addresses on 192.168.2.10-50 or whatever and you would run Avahi on the OpenVPN Server as it would be a router.

 

Then the firewall would need to apply policy to 192.168.1.0/24 and 192.168.2.0/24 based on the traffic management you require.




and


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26

New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25

N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22

Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42

Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45

Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30

JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59

Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34

NZ Police releases public app
Posted 8-Jan-2020 11:43

Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06

Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54

AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42

AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32

Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09

Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.