OpenVPN between two PCs in the same LAN
I would like to build a network environment where I have two Linux PCs (I will call them LPC1 and LPC2) connected to a switch, and I would like to encrypt the traffic between the two with OpenVPN. Do you see any difficulties in setting up this environment?
Let's go further, let's say I have two other NICs on these PCs and I want them to act as a router to encrypt the traffic between other two PCs (I will call them PC1 and PC2) connected with the Linux boxes in a way like this:
PC1----LPC1---Switch---LPC2----PC2
Do you think this kind of configuration is possible?
openvpn
asked Sep 26 '17 at 17:54
Simone Scanavini
1 Answer
There shouldn't be any problem with that, if it's configured correctly. It should work in both tun (IP routed) and tap (Ethernet bridged) mode (depending on what you need; tun would be preferred, as always). You will have to make sure the routing is correct so that all traffic except the encrypted tunnel goes over the tunnel.
That's going to be the hard part. I'd suggest putting OpenVPN + the switch-side NIC in a network namespace. Then move the tun/tap interface it creates back to the main network namespace, so that you can route traffic over it. This gets more complicated if you need to communicate with other hosts on the switch. Another approach is policy routing (you could select the un-encrypted route only for OpenVPN's source port/IP, otherwise the encrypted route). Policy routing also makes the case where you need to access other hosts on the switch easier.
answered Sep 26 '17 at 20:05
derobert
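The namespace approach from the answer above, sketched for LPC1 as an added example that is not part of the original answer. The namespace name, interface names, addresses and config path are assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: all names, addresses and paths below are constructed assumptions.
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the commands only, 0 = execute (needs root)
NS=vpn                        # namespace that holds OpenVPN and the switch-side NIC
LAN_IF=eth0                   # NIC facing the switch
LAN_ADDR=192.168.1.1/24       # LPC1 address on the switch LAN
TUN_IF=tun0
TUN_LOCAL=10.8.0.1            # tunnel endpoint on LPC1
TUN_PEER=10.8.0.2             # tunnel endpoint on LPC2
REMOTE_NET=192.168.20.0/24    # PC2's subnet behind LPC2
CONF=/etc/openvpn/lpc1.conf

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# The switch-side NIC lives only in the namespace, so the main namespace
# has no cleartext path to the switch at all.
setup_namespace() {
    run ip netns add "$NS"
    run ip link set "$LAN_IF" netns "$NS"
    run ip -n "$NS" link set lo up
    run ip -n "$NS" addr add "$LAN_ADDR" dev "$LAN_IF"
    run ip -n "$NS" link set "$LAN_IF" up
}

# OpenVPN's UDP socket stays in the namespace; only the tun device moves out.
# The *-noexec options stop OpenVPN configuring tun0 before it is moved.
start_tunnel() {
    run ip netns exec "$NS" openvpn --config "$CONF" --dev "$TUN_IF" \
        --ifconfig-noexec --route-noexec --daemon
    [ "$DRY_RUN" = 1 ] || until ip -n "$NS" link show "$TUN_IF" >/dev/null 2>&1
    do sleep 1; done
    run ip -n "$NS" link set "$TUN_IF" netns 1    # 1 = namespace of PID 1 (main)
}

# Addresses are lost when a device changes namespace, so configure tun0 after the move.
route_over_tunnel() {
    run ip addr add "$TUN_LOCAL" peer "$TUN_PEER" dev "$TUN_IF"
    run ip link set "$TUN_IF" up
    run ip route add "$REMOTE_NET" via "$TUN_PEER" dev "$TUN_IF"
    run sysctl -w net.ipv4.ip_forward=1           # forward PC1's traffic into the tunnel
}

build_plan() { setup_namespace && start_tunnel && route_over_tunnel; }
build_plan
```

LPC2 mirrors this with the tunnel addresses swapped and PC1's subnet as the remote network.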