Geekzone: technology news, blogs, forums




69 posts

Master Geek


# 255598 20-Aug-2019 09:19

Hi all

I'm having issues with finding a solution which ticks all my boxes.

I'm looking for a VPN server I can install on a Linux box, which does bridging mode rather than routing mode.
(Get a proper internal IP address on my network, not routed through the server's internal IP, as I have filtering and such based on IP and it doesn't work if all traffic is coming from the VPN server's IP)

But also works on Android phones.

I've tried OpenVPN and WireGuard but neither seem to support bridge & Android
I've also tried SoftEther, but setting it up properly has me a little confused so not too keen on that one.

I'd also like it if I can run it on UDP 443 to bypass some public WiFi restrictions, but that's not a requirement, rather a nice to have.

 

 

 

 


305 posts

Ultimate Geek


  # 2302445 20-Aug-2019 17:14

OpenVPN supports bridge mode using a TAP interface.


4352 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2302446 20-Aug-2019 17:20

I run pivpn on a pihole, which is just openvpn. Works fine. I use the openvpn for android app to connect to it.


 
 
 
 


471 posts

Ultimate Geek


  # 2302651 20-Aug-2019 22:33

I run OpenVPN in bridging mode on my MythTV box (Ubuntu 18.04).  I have also in the past had to have it on port 22 so I could connect to it from work.  PM me if you would like help configuring it.  I have yet to change my setup from IP addresses assigned by OpenVPN to using DHCP to get the addresses directly from my router, but that should be possible.  When you use bridging, you can also get IPv6 to work without having to actually set up OpenVPN to support IPv6 as all the broadcast packets needed are automatically transferred in bridging mode.




69 posts

Master Geek


  # 2302696 21-Aug-2019 07:34

Everyone here says OpenVPN
But when I run the android app it says "Tap mode is not supported"

So if someone could explain how to get around that?


188 posts

Master Geek

Lifetime subscriber

  # 2302752 21-Aug-2019 09:43

pomtom44:

 

Everyone here says OpenVPN
But when I run the android app it says "Tap mode is not supported"

So if someone could explain how to get around that?

 

 

 

 

This app supports openvpn TAP on Android without root. It's not open source if that's important to you.




69 posts

Master Geek


  # 2302756 21-Aug-2019 09:50

Resnick:

 

pomtom44:

 

Everyone here says OpenVPN
But when I run the android app it says "Tap mode is not supported"

So if someone could explain how to get around that?

 

 

 

 

This app supports openvpn TAP on Android without root. It's not open source if that's important to you.

 



I found that app, and if need be I'll use it
Just not a fan of the subscription model that's attached to it, as I'll be setting it up on a few family members' phones, and don't want to have to say "Hey, pay for this thing for something that I'm offering for free"



188 posts

Master Geek

Lifetime subscriber

  # 2302772 21-Aug-2019 09:54

Fair enough. As @rscole86 suggested, pivpn is easy to set up and will achieve what you want without any problems. I also use it, no problems with Android clients.


 
 
 
 




69 posts

Master Geek


  # 2302785 21-Aug-2019 10:07

Resnick:

 

Fair enough. As @rscole86 suggested, pivpn is easy to set up and will achieve what you want without any problems. I also use it, no problems with Android clients.

 



Doesn't that still run into the OpenVPN TAP Android issue though?

I'm now thinking I may just have to do my firewalling on the VPN server rather than my main firewall


2823 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2302789 21-Aug-2019 10:16

I'm not sure why TUN isn't an option, as I find issues with bridging over VPN and broadcast traffic.

 

I run OpenVPN at home and hand out DHCP addresses for the mobile clients.

 

It's routed traffic and each IP is unique and unless you need broadcast / Bonjour / mDNS then you use the Avahi in relay mode.

 

http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/

 

Or the myriad of other articles talking about how to route Bonjour / mDNS traffic between two networks.






188 posts

Master Geek

Lifetime subscriber

  # 2302792 21-Aug-2019 10:20

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 




69 posts

Master Geek


  # 2302808 21-Aug-2019 10:23

Resnick:

 

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 

 



It's less about accessing network services, as that would work through either bridge or routed mode (as far as I'm aware)
It's more about the traffic on the network having the client's IP or the server's IP

If you run in TUN mode / routing, then any traffic on the LAN side uses the LAN IP of the VPN server.
Where if you run in TAP mode / bridge, then it uses the client's IP

And I can't do my firewalling based on client IP if all traffic is using the VPN server's IP


2823 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2302811 21-Aug-2019 10:29
One person supports this post

pomtom44:

 

Resnick:

 

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 

 



It's less about accessing network services, as that would work through either bridge or routed mode (as far as I'm aware)
It's more about the traffic on the network having the client's IP or the server's IP

If you run in TUN mode / routing, then any traffic on the LAN side uses the LAN IP of the VPN server.
Where if you run in TAP mode / bridge, then it uses the client's IP

And I can't do my firewalling based on client IP if all traffic is using the VPN server's IP

 

 

This isn't correct.

 

In TUN mode then there is a separate "OpenVPN" network on the internal side that all clients get a unique IP address and traffic is routed between the OpenVPN network and your internet LAN. Unless you put in an iptables firewall then there isn't anything blocking traffic in either direction when you are on the OpenVPN.

 

In TAP mode you get an IP address on the LAN network as your OpenVPN client is Layer 2 (L2) bridged to the LAN network so you get an IP Address from your LAN. This requires a lot of routing / L2 bridge trickery to work and thus typically requires more access on the client device.

 

The only thing that TUN mode has issues with is if you are using Broadcast / Multicast services such as Bonjour / mDNS for service discovery as they are in different subnets. That's where services like Avahi get around the issue. As this is no different to running two subnets on your internal LAN.








69 posts

Master Geek


  # 2302818 21-Aug-2019 10:35

BarTender:

 

pomtom44:

 

Resnick:

 

I'm using an exported pivpn ovpn profile on openvpn connect (android) client and it works. I can access home network shares, rdp etc without issue on my android phone and chromebook. I set it up some time ago but I don't recall any issues with bridging configurations. 

 



It's less about accessing network services, as that would work through either bridge or routed mode (as far as I'm aware)
It's more about the traffic on the network having the client's IP or the server's IP

If you run in TUN mode / routing, then any traffic on the LAN side uses the LAN IP of the VPN server.
Where if you run in TAP mode / bridge, then it uses the client's IP

And I can't do my firewalling based on client IP if all traffic is using the VPN server's IP

 

 

This isn't correct.

 

In TUN mode then there is a separate "OpenVPN" network on the internal side that all clients get a unique IP address and traffic is routed between the OpenVPN network and your internet LAN. Unless you put in an iptables firewall then there isn't anything blocking traffic in either direction when you are on the OpenVPN.

 

In TAP mode you get an IP address on the LAN network as your OpenVPN client is Layer 2 (L2) bridged to the LAN network so you get an IP Address from your LAN. This requires a lot of routing / L2 bridge trickery to work and thus typically requires more access on the client device.

 

The only thing that TUN mode has issues with is if you are using Broadcast / Multicast services such as Bonjour / mDNS for service discovery as they are in different subnets. That's where services like Avahi get around the issue. As this is no different to running two subnets on your internal LAN.

 



That's exactly what I said, isn't it?

I want to run in TAP mode so the traffic on the LAN uses the client's IP, so then I can use my current firewall to do my traffic management
Like I do for my current VLANs and devices.

I can't do that on TUN mode as my firewall only sees the internal IP of my VPN server and not the client IP that's connecting.



2300 posts

Uber Geek

Lifetime subscriber

  # 2302820 21-Aug-2019 10:39

Nope.


2823 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2302823 21-Aug-2019 10:45

pomtom44: That's exactly what I said, isn't it?

I want to run in TAP mode so the traffic on the LAN uses the client's IP, so then I can use my current firewall to do my traffic management
Like I do for my current VLANs and devices.

I can't do that on TUN mode as my firewall only sees the internal IP of my VPN server and not the client IP that's connecting.

 

The firewall will see the IP addresses allocated in TUN mode so you can apply traffic management. It is just that the traffic will come from a different subnet rather than your current LAN subnet.

 

So in TAP mode you would have

 

Firewall 192.168.1.1 + Subnet 192.168.1.0/24 + OpenVPN Server on 192.168.1.2 and LAN IP addresses of 192.168.1.10-50 and VPN IP addresses 192.168.1.200-192.168.1.210

 

Or something like that. The issue is the client to dish out the IPs is a lot more complicated

 

In TUN mode you would have:

 

Firewall 192.168.1.1 + Subnet 192.168.1.0/24 + OpenVPN Server on 192.168.1.2 and LAN IP addresses of 192.168.1.10-50

 

Then you would also have a network route on the Firewall for 192.168.2.0/24 via 192.168.1.2

 

OpenVPN would have the TUN interface on 192.168.2.1 and hand out IP Addresses on 192.168.2.10-50 or whatever and you would run Avahi on the OpenVPN Server as it would be a router.

 

Then the firewall would need to apply policy to 192.168.1.0/24 and 192.168.2.0/24 based on the traffic management you require.
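
Added example, not part of the original post: in the routed TUN layout described above, the LAN firewall sees per-client 192.168.2.x addresses only while the VPN server is not source-NATing that pool. This Python check reads an OpenVPN server config and an `iptables-save` excerpt and reports any rule that would hide client addresses; the sample file contents and the `eth0` interface name are constructed assumptions.

```python
import ipaddress
import re

# Constructed samples using the addressing from the post above (eth0 is assumed).
SERVER_CONF = """\
dev tun
proto udp
server 192.168.2.0 255.255.255.0
"""
NAT_RULES = """\
*nat
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def vpn_pool(conf):
    """Return (mode, network) that OpenVPN clients are addressed from."""
    mode, net = None, None
    for line in conf.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 2 and f[0] == "dev":
            mode = "tap" if f[1].startswith("tap") else "tun"
        elif len(f) >= 3 and f[0] in ("server", "server-bridge"):
            # server <network> <netmask> / server-bridge <gateway> <netmask> ...
            net = ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False)
    if net is None:
        raise ValueError("no server/server-bridge directive found")
    return mode, net

def hiding_rules(rules, net):
    """POSTROUTING SNAT/MASQUERADE rules that can rewrite VPN client sources."""
    hits = []
    for line in rules.splitlines():
        if not re.search(r"^-A POSTROUTING\b.*-j (MASQUERADE|SNAT)\b", line):
            continue
        m = re.search(r"\s(! )?-s (\S+)", line)
        # No -s, or a negated -s, is treated as matching (conservative).
        if (not m or m.group(1)
                or ipaddress.ip_network(m.group(2), strict=False).overlaps(net)):
            hits.append(line.strip())
    return hits

def firewall_sees_clients(conf, rules):
    """True when LAN-side devices see each VPN client's own address."""
    _, net = vpn_pool(conf)
    return not hiding_rules(rules, net)
```

With the constructed rule present the check returns `False`; with the rule removed and the 192.168.2.0/24 route in place on the firewall, per-client policy can be applied there.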





