eddorre

Remote Network Access – Part II

Things are looking up on the OpenVPN front. I’ve successfully connect both my MacBook and my Vista machine to it from a remote network.

I also understand why my MacBook started to overheat. More on that at the end of the post.

A normal PPTP VPN works by assigning your computer an IP address on the remote LAN.

OpenVPN has two modes of operation; brigding mode and routing mode. Bridging mode works exactly like a standard PPTP VPN server. It assigns an IP address from the remote LAN to a virtual TUN adapter.

Routing mode is very different. Using routing mode, the server assigns a private, non-routable address to a virtual TAP adapter on both the client machine and the server machine. This address is not on the private network that the server resides on.

For example, let’s say that your server has an IP address of 192.168.1.2. Using your SOHO router you forward port 1194 (UDP) to the VPN server.

The TAP adapter created on the server, using the default configuration, would receive the IP address of 10.8.0.1 and the client machine would receive the address of 10.8.0.5.

At this time, a private tunnel has been created and you can communicate with the server and only the server. In order to participate on the local remote LAN (192.168.1.0/24) you have to alter the routing table on the client machine.

OpenVPN can alter the routing table for you by including in the client config file. What this does is route all information that is destined for the 192.168.1.0/24 network through the virtual TAP adapter (10.8.0.5).

If this wasn’t enough, you still can’t communicate to the remote LAN. You have to setup IP Forwarding on the OpenVPN server and setup a static route on the SOHO router that routes anything on 10.8.0.0/24 through 10.8.0.1.

Whew. Understandably, bridging mode is the easiest of the two. After this has been completed, you should be able to access machines on the remote LAN.

I haven’t really explained why my laptop was freaking out. I had an idea, but I didn’t confirm it until yesterday.

To simulate coming in from a remote network, I was using my MacBook wirelessly. My wireless network is behind its own router that is behind my SOHO router (see diagram of network).

The short of it is that in my client configuration, I was initially connecting to the OpenVPN server at 192.168.1.8 but then when the server pushed the routing information, that said to send all information destined to 192.168.1.0/24 down the VPN tunnel.

I essentially create a huge network loop. My poor MacBook never had a chance.

I can make it work the way the old configuration did, I just have to switch from routing mode to bridging mode.


Comments are closed

Comments are closed on this post. If you have something on your mind regarding this post, don't hesitate to drop me a line.