OpenVPN between two PCs in the same LAN

I would like to build a network environment where I have two Linux PCs (I will call them LPC1 and LPC2) connected to a switch, and I would like to encrypt the traffic between the two with OpenVPN. Do you see any difficulties in setting up this environment?

Let's go further: let's say I have two other NICs on these PCs and I want them to act as routers to encrypt the traffic between two other PCs (I will call them PC1 and PC2) connected to the Linux boxes like this:

PC1----LPC1---Switch---LPC2----PC2

Do you think this kind of configuration is possible?

openvpn

asked Sep 26 '17 at 17:54
Simone Scanavini




















1 Answer

There shouldn't be any problem with that, if it's configured correctly. It should work in both tun (IP routed) and tap (Ethernet bridged) mode (depending on what you need; tun would be preferred, as always). You will have to make sure the routing is correct so that all traffic except the encrypted tunnel goes over the tunnel.

That's going to be the hard part. I'd suggest putting OpenVPN + the switch-side NIC in a network namespace. Then move the tun/tap interface it creates back to the main network namespace, so that you can route traffic over it. This gets more complicated if you need to communicate with other hosts on the switch. Another approach is policy routing (you could select the un-encrypted route only for OpenVPN's source port/IP, otherwise the encrypted route). Policy routing also makes the case where you need to access other hosts on the switch easier.

answered Sep 26 '17 at 20:05
derobert
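
The namespace layout suggested in the answer above, written out for LPC1 as an added example that is not part of the original answer. The interface names, addresses, namespace name and config path are assumptions chosen for illustration; the script prints the commands and only executes them when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the answer). Constructed values for LPC1:
# eth0 = switch-side NIC, 192.168.0.0/24 = switch LAN, 10.8.0.1/10.8.0.2 =
# tunnel endpoints, 10.2.0.0/24 = PC2's network, lpc1.conf = OpenVPN config.
NS=vpn LAN_IF=eth0 TUN_IF=tun0
LAN_ADDR=192.168.0.1/24 TUN_LOCAL=10.8.0.1 TUN_PEER=10.8.0.2
REMOTE_NET=10.2.0.0/24 CONF=/etc/openvpn/lpc1.conf

# Print every command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Wait up to 30 s for OpenVPN to create the tun device (skipped in dry run).
wait_for_tun() {
    [ "${APPLY:-0}" = 1 ] || return 0
    n=0
    until ip -n "$NS" link show "$TUN_IF" >/dev/null 2>&1; do
        n=$((n + 1)); [ "$n" -le 30 ] || return 1; sleep 1
    done
}

setup_vpn_namespace() {
    # 1. The switch-side NIC lives only in the namespace, so the main
    #    namespace has no cleartext path to the switch at all.
    run ip netns add "$NS"
    run ip link set "$LAN_IF" netns "$NS"
    run ip -n "$NS" link set lo up
    run ip -n "$NS" addr add "$LAN_ADDR" dev "$LAN_IF"
    run ip -n "$NS" link set "$LAN_IF" up
    # 2. OpenVPN's UDP socket is created inside the namespace. The *-noexec
    #    options leave addressing to us, since addresses are lost on the move.
    run ip netns exec "$NS" openvpn --config "$CONF" --dev "$TUN_IF" \
        --ifconfig-noexec --route-noexec --daemon
    wait_for_tun || return 1
    # 3. Move the tun device to the main namespace (netns of PID 1) and
    #    route PC2's network over it.
    run ip -n "$NS" link set "$TUN_IF" netns 1
    run ip addr add "$TUN_LOCAL" peer "$TUN_PEER" dev "$TUN_IF"
    run ip link set "$TUN_IF" up
    run ip route add "$REMOTE_NET" dev "$TUN_IF"
    run sysctl -w net.ipv4.ip_forward=1
}

setup_vpn_namespace   # dry run by default: prints the 11 commands
```

With this layout the only route from the main namespace towards LPC2 is the tun device, so if OpenVPN stops, forwarded traffic is dropped rather than sent unencrypted over the switch.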



























                     
