On Wed, Apr 4, 2018 at 3:18 PM, gevisz <gevisz@×××××.com> wrote:
> A friend of mine asked me to recommend him an open-source
> VPN-server for Linux but unfortunately I never used one.
>
|
If not https://www.wireguard.com/, I recommend OpenVPN. You could try
to set up IPsec if you wanted.
|
> After some googling, I have found OpenVPN but do not know
> if it is the best choice that suits his purposes, namely to access
> local network that does not have its own fixed IP from the outside.
>
> To be more precise: the local network to be accessed from the
> outside is part of another local network. The latter (outer) network
> has its own fixed IP but the former (inner) network gets its IP via DHCP.
> So, it is impossible to connect to a computer in the inner network
> from the outside directly.
>
> The computer in the local network to be connected runs Windows.
> The said friend of mine has tried to run some VPN server from
> Windows but it somehow hangs the "inner" computer when
> his "outer" computer has problems connecting to the Internet.
>
> So, now his idea is
> 1) to run a virtual machine in the "inner" (Windows) computer,
> 2) to install into this virtual machine a very lightweight Linux server
> only to run in it a VPN-server that should help him to connect
> from the outside to the "inner" host (Windows) computer, which
> has its fixed IP within the inner local network.
>
|
I'm not sure this makes sense. Firstly, in the case of OpenVPN at
least, there is a Windows client and associated signed fake network
device drivers. Perhaps if using WireGuard you might want to connect
through a VM to your VPN; I am not sure if there is a Windows client.
|
Secondly - you need the VPN server to be running on a computer which
is globally accessible. If your friend is in the US or some parts of
Europe their home line may not be behind NAT, and would work if set up
properly. In general most networks you connect to will not work. You
will always need one computer which is not behind NAT.
|
Cheers,
R0b0t1