Hi Guys,
Having lurched through my VMware setup, I wanted to try out a VPN, like OpenVPN, I found the some details here:
https://help.ubuntu.com/community/OpenVPN
Has anyone tired these out, found any pitfalls?
Ideally, all I want to be able to do is to set it up so that my wife (and myself) never has to think about using FTP etc to get to our home data store, currently on a NAS but shortly to be on a full blown home server, when out and about. I am correct in thinking that once it is running, it will just appear that our client netbooks are connecting to our home shares etc?
I already have a DynDNS arrangement setup on the router, and should be able to set the ports to forward to the IP of the VM Ubuntu. My Netgear DG834G should act as an ipsec endpoint (not required for this I know) but seems impossible to configure with any client I have tried, hence the idea of adding this function to the server.
Thanks in advance,
Frank
VPN - VNC
-
- Member
- Posts: 25
- Joined: March 24th, 2011, 6:35 am
Re: VPN - VNC
I haven't messed with it myself as of yet, but I will in the next couple days to try and help you out, but here is what I know as of right now:
a. From what I understand that is exactly how VPN works. I believe I read that you can even choose to route all your internet traffic through the VPN as well.
b. OpenVPN seems to be the go-to for secure VPN solutions. Again, having never used it myself, some of the pro's and con's I've heard are this:
PRO: very difficult to crack, all traffic is pretty secure. It uses previously shared keys to encrypt the traffic so it can't be intercepted.
CON: Keys have to be generated on the server for each client and then transferred to the client. so no connecting on a whim from a new computer.
CON: (small one) OpenVPN software has to be installed on every computer involved, not just the server.
The other super simple solution is PPTP. it uses simple user:password authentication, and every major OS has a built in client for it. the downside is that your traffic is notoriously unsecure, PPTP is very easy to spy on. But if you're just using it to access your media server or tweak your website, I doubt you care to much if someone sees what you're looking at.
Hope that helps, and I'll mess with OpenVPN later this week and see if I can offer more insight.
a. From what I understand that is exactly how VPN works. I believe I read that you can even choose to route all your internet traffic through the VPN as well.
b. OpenVPN seems to be the go-to for secure VPN solutions. Again, having never used it myself, some of the pro's and con's I've heard are this:
PRO: very difficult to crack, all traffic is pretty secure. It uses previously shared keys to encrypt the traffic so it can't be intercepted.
CON: Keys have to be generated on the server for each client and then transferred to the client. so no connecting on a whim from a new computer.
CON: (small one) OpenVPN software has to be installed on every computer involved, not just the server.
The other super simple solution is PPTP. it uses simple user:password authentication, and every major OS has a built in client for it. the downside is that your traffic is notoriously unsecure, PPTP is very easy to spy on. But if you're just using it to access your media server or tweak your website, I doubt you care to much if someone sees what you're looking at.
Hope that helps, and I'll mess with OpenVPN later this week and see if I can offer more insight.
Re: VPN - VNC
Ha ha, don't tell your partner I asked you to spend time with a new bit of software!
Thanks for the comments, I think I do want to try Open VPN. My wife will be sending some of her personal busniess work through it. PPTP would just give me anxious moments when using public wifi etc. We use FTP occasionally but our NAS only uses plain unsecure FTP with plain text password not SFTP.
I don't mind the certificate thing as once i know the process, it is probably possible to do it via remote desktop if really desperate.
Will have a go at setup later this week as well and see.
Cheers
Frank
Thanks for the comments, I think I do want to try Open VPN. My wife will be sending some of her personal busniess work through it. PPTP would just give me anxious moments when using public wifi etc. We use FTP occasionally but our NAS only uses plain unsecure FTP with plain text password not SFTP.
I don't mind the certificate thing as once i know the process, it is probably possible to do it via remote desktop if really desperate.
Will have a go at setup later this week as well and see.
Cheers
Frank
-
- Member
- Posts: 25
- Joined: March 24th, 2011, 6:35 am
Re: VPN - VNC
Hey,
so I did mess with it the other day, the set-up actually was pretty easy just following the guide on the ubuntu help pages. I didn't get a chance to try to vpn in from a separate network, but the certificate process was actually pretty simple. It's just a matter of issuing the right command and copying the certificates over to the right computer.
One big thing I noticed though: If you plan on using a bridged interface so that your clients can have full access to your network I recommend having a dedicated virtual machine for the VPN host. The reason I say this was that the bridged interface played havoc with the access to my server. sometimes it wanted me to talk to ip address assigned to br0, sometimes it wanted me to talk to the ip of eth0, and neither time would it recognize the hostname I had assigned to it. While this might be (and probably is) something I did wrong, it just seems like a better idea in the first place to have it separated from your other servers.
I'm in the middle of another project at the moment, but when I have a bit more free time I'll try again and see what I can come up with.
so I did mess with it the other day, the set-up actually was pretty easy just following the guide on the ubuntu help pages. I didn't get a chance to try to vpn in from a separate network, but the certificate process was actually pretty simple. It's just a matter of issuing the right command and copying the certificates over to the right computer.
One big thing I noticed though: If you plan on using a bridged interface so that your clients can have full access to your network I recommend having a dedicated virtual machine for the VPN host. The reason I say this was that the bridged interface played havoc with the access to my server. sometimes it wanted me to talk to ip address assigned to br0, sometimes it wanted me to talk to the ip of eth0, and neither time would it recognize the hostname I had assigned to it. While this might be (and probably is) something I did wrong, it just seems like a better idea in the first place to have it separated from your other servers.
I'm in the middle of another project at the moment, but when I have a bit more free time I'll try again and see what I can come up with.
-
- Member
- Posts: 10
- Joined: March 25th, 2011, 3:33 am
Re: VPN - VNC
Great ideas,
This is also something That i'm interested in, I'll put a few hours into the process. this week.
( Just got home from traveling and i would like the added security of using wireless hotspots with a secure connection)
This is also something That i'm interested in, I'll put a few hours into the process. this week.
( Just got home from traveling and i would like the added security of using wireless hotspots with a secure connection)