| 1 |
On Wed, Apr 4, 2018 at 3:18 PM, gevisz <gevisz@×××××.com> wrote: |
| 2 |
> A friend of mine asked me to recommend him an open-source |
| 3 |
> VPN-server for Linux but unfortunately I never used one. |
| 4 |
> |
| 5 |
|
| 6 |
If not https://www.wireguard.com/, I recommend OpenVPN. You could try |
| 7 |
to set up IPsec if you wanted. |
| 8 |
|
| 9 |
> After some googling, I have found OpenVPN but do not know |
| 10 |
> if it is the best choice that suits his purposes, namely to access |
| 11 |
> local network that does not have its own fixed IP from the outside. |
| 12 |
> |
| 13 |
> To be more precise: the local network to be accessed to from the |
| 14 |
> outside is part of another local network. The latter (outer) network |
| 15 |
> has its own fixed IP but the former (inner) network gets its IP via DHCP. |
| 16 |
> So, it is impossible to connect to a computer in the inner network |
| 17 |
> from the outside directly. |
| 18 |
> |
| 19 |
> The computer in local network to be connected runs Windows. |
| 20 |
> The said friend of mine have tried to run some VPN server from |
| 21 |
> Windows but it somehow hangs the "inner" computer when |
| 22 |
> his "outer" computer has problems connecting to the Internet. |
| 23 |
> |
| 24 |
> So, now his idea is |
| 25 |
> 1) to run a virtual machine in the "inner" (Windows) computer, |
| 26 |
> 2) to install into this virtual machine very lightweight Linux server |
| 27 |
> only to run in it a VPN-server that should help him to connect |
| 28 |
> from the outside to the "inner" host (Windows) computer, which |
| 29 |
> has its fixed IP within the inner local network. |
| 30 |
> |
| 31 |
|
| 32 |
I'm not sure this makes sense. Firstly, in the case of OpenVPN at |
| 33 |
least, there is a Windows client and associated signed fake network |
| 34 |
device drivers. Perhaps if using Wireguard you might want to connect |
| 35 |
through a VM to your VPN; I am not sure if there is a Windows client. |
| 36 |
|
| 37 |
Secondly - you need the VPN server to be running on a computer which |
| 38 |
is globally accessible. If your friend is in the US or some parts of |
| 39 |
Europe their home line may not be behind NAT, and would work if set up |
| 40 |
properly. In general most networks you connect to will not work. You |
| 41 |
will always need one computer which is not behind NAT. |
| 42 |
|
| 43 |
Cheers, |
| 44 |
R0b0t1 |
Archives