Any networking guys wanna fill me in on the complexity of creating a site to site VPN network?
I have Google Fiber and want to run a tunnel straight to another Google Fiber house. Why? File and service sharing. I've set up OpenVPN for personal use but am not sure about the amount of work for what I would like to accomplish.
Is there a certain level of hardware I should be aiming for to get the most speed? I see a lot of directions for Cisco ASAs but wasn't sure if a simple pfSense box would do it? Also, each house would need a different set of IP addresses handed out, right?
The Google Fiber box itself is shit for any advanced settings, and since I have the TV service too, there really isn't a solid replacement for it.
> each house would need a different set of IP addresses handed out right?
yup.
3 subnets will be used in this setup:
>VPN
>house1
>house2
Eli Morgan
I'm kind of stupid, but why can't you just SSH into whatever box you want?
Charles Rodriguez
Cool. Thanks for the info!
Logan Murphy
One example would be the IP camera DVR software is Windows only. The overall reason is mostly for fun and seeing if it can be done, how it performs, etc.
Daniel Baker
you know the saying, 'if you have to ask'?
Elijah Price
Buy a couple of Netgear WNR3700/3800s. Install OpenWrt and set up OpenVPN with a shared secret key. You can get them working while they are plugged together. Makes testing easier. The 3700/3800 has a fast CPU and plenty of flash so opkg overlay works, making software installs easier.
Henry Adams
SSH is TCP
VPN is UDP
Just one reason
Ryder Diaz
>VPN is UDP
There is no "VPN" protocol. Also, why wouldn't you want TCP in this case?
Grayson Morris
UDP has a theoretical benefit in throughput: there is no wait for acknowledgement.
Regardless, I use TCP for my OpenVPN setup because the connection will stay alive without having to constantly send packets; after a while of silence UDP seems to fail... If they were both on all the time, UDP would be better.
Chase Wood
TCP in UDP > TCP in TCP
Luis Collins
Can you not SSH over Windows?
Camden Powell
>UDP has theoretical benefit in throughput there is no wait for acknowledgement
And no guarantees about packet loss/reordering.
Isaac Carter
Don't use SSL ya dunce, use IPsec!
OpenBSD has it out of the box, Linux has Openswan.
Bentley Morales
>And no guarantees about packet loss/reordering.
That's TCP's responsibility.
For example, Ethernet makes no guarantees; the responsibility is with the protocol higher up the stack.
Owen Stewart
>That's TCP's responsibility.
I know. The other user was implying that UDP was "better" than TCP.
Carson Jackson
Looks like I misread
Logan Davis
TCP through TCP isn't that bad if the traffic is light enough like browsing. I have yet to encounter a time when I felt like it was too slow. But I'm not using OpenVPN to connect two always alive devices that can handle reliably sending and receiving packets like the OP would have and UDP would benefit. Cell phones and UDP are not friends.
Jason Brown
Agree not to use OpenVPN (more than just security...), but if you're going IPsec, use libreswan, not openswan.
Also not sure about the level of performance available to the typical cheap dedicated computer and gigabit NIC, but there's also softether, which is stated to perform in the hundreds of megabits and allows you to bridge the networks at layer 2 as well as layer 3. I'd advise adding it to the comparison.
>softether.org
>project of a genius programmer-professor in Japan
>gpl3 license
Three links do not constitute an argument. Jesus Christ, you are so fucking stupid, just stop posting.
Xavier Martin
>can't open the first link to see the comparison between commits in 2014, as presented by a leading contributor to openswan before he forked it to libreswan
>can't extend this out to the idea that one project has more activity and is therefore under heavier development than the other
>litters responses with expletives and ad hominem
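
The address plan from the top of the thread (separate subnets for the VPN, house1 and house2) can be checked before any tunnel is configured. This is an added example, not code from any poster: the addresses are constructed, the function names are hypothetical, and the emitted lines follow OpenVPN's `route <network> <netmask>` syntax.

```python
import ipaddress
from itertools import combinations

# Constructed sample plans; the thread gives no actual addresses.
GOOD_PLAN = {"vpn": "10.8.0.0/30",
             "house1": "192.168.10.0/24",
             "house2": "192.168.20.0/24"}
# Both houses left on the same router default: the usual failure.
BAD_PLAN = {"vpn": "10.8.0.0/30",
            "house1": "192.168.1.0/24",
            "house2": "192.168.1.0/24"}


def parse_plan(plan):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}


def find_overlaps(plan):
    """Return (name_a, name_b) pairs, sorted by name, whose ranges overlap."""
    nets = parse_plan(plan)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def tunnel_routes(plan, site):
    """Route lines `site` needs to reach every other house LAN via the tunnel.

    Raises ValueError when any two subnets overlap, because a router then
    cannot tell a local address from a remote one.
    """
    overlaps = find_overlaps(plan)
    if overlaps:
        raise ValueError(f"overlapping subnets: {overlaps}")
    nets = parse_plan(plan)
    return [f"route {net.network_address} {net.netmask}"
            for name, net in sorted(nets.items())
            if name not in (site, "vpn")]


if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, "overlaps:", find_overlaps(plan))
    print("house1 routes:", tunnel_routes(GOOD_PLAN, "house1"))
```

If both houses sit on the same default LAN range, one of them has to be renumbered before the tunnel can route between them.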