From: gevisz
Date: Fri, 6 Apr 2018 00:04:34 +0300
Subject: Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?
To: gentoo-user@lists.gentoo.org

2018-04-05 19:29 GMT+03:00 Grant Taylor:
> On 04/05/2018 03:51 AM, gevisz wrote:
>>
>> Yes. And the Client also has static IP. Moreover, both OR and IR have
>> static IPs from the inside. So, the Host can make a connection request to
>> the Client.
>
> With the client having a static IP, things become a LOT simpler. Simply
> flip things around and have the ""Client be the VPN server and
> the ""Host be the VPN client.

Yes, you are right. It was my misunderstanding of the situation.
The VPN server was initially on the outer computer with a static IP,
and on the computer inside the remote local network was a VPN client.

I have corrected this a bit later in this thread, after a call to the friend.
I even wanted to write that the Host and Client notations should be swapped
but finally decided that this would lead to the mess.

> This REALLY SIGNIFICANTLY simplifies things.
>
>> The Host works as a remote server and physical access to it is costly. All
>> administrating of the Host should be done through the Client. That is the
>> reason for the need of VPN.
>
> I sort of wonder what services the server is offering if it can't be
> readily accessed from the outside world.

It makes requests to the other computers in the Internet and saves the
responses. (The same does the computer on the other end of the scheme.
The two remote servers doing the same job are needed for redundancy,
just in case one of them cannot connect to the Internet because of the
blackout, which happens quite often here.)

> Please share a summary of what you end up doing so that others can
> benefit from searching archives. ;-)

So far, my friend set a newer version of its initial VPN server and client.

The correct scheme looks as follows:

(Administrator) - (VPN host on Windows computer, static IP) <--> (ISP) <-->
<--> (Internet) <--> (static IP, [outer] router of another ISP, static IP) <-->
<--> (dynamic IP, inner router, static IP in a remote [local] network) <-->
<--> (static IP in the remote [local] network, VPN client on Windows computer
in the remote [local] network)

After starting, the VPN client automatically initiates connection to the
VPN server and reinitiates it every time when the connection is lost.
So, the connection became permanent.

The initial problem was that, when the computer with the VPN server loses
connection to the Internet, the VPN client hangs the "computer in the
remote [local] network" (in my view, by constantly trying to reconnect
to the VPN server, so my initial recommendation was to increase the time
interval between the attempts to reconnect.)

Currently, the Administrator set a newer version of its initial VPN server
and client and plays with the parameters.
If it won't help, he will try another VPN server and client on Windows.

If that won't help as well, he is planning to set a VPN client into
a virtual machine run on "Windows computer in remote [local] network".

As far as a VPN client, in general, does not need graphical environment,
it would be expedient to run a Linux server inside the said virtual machine
(instead of another Windows).