Keith via plug on 11 Sep 2023 12:40:55 -0700



Re: [PLUG] Outgoing VPN for Entire Network


On 9/11/23 15:16, Rich Freeman via plug wrote:
> On Mon, Sep 11, 2023 at 2:47 PM Keith C. Perry via plug
> <plug@lists.phillylinux.org> wrote:
>> You're on the right track...  regardless of how complex the internals of your net are, eventually you need to leave your network via a router so that device is where you would set up OpenVPN so traffic flowing through it is sent to your VPN end point.
> You can certainly do that, but there is no requirement that your VPN
> gateway be on the router you use to connect to the internet.  I run
> mine on a separate host.

Requirement, no, since that is how someone can test the system first, but best / better practice, yes.  When someone says "VPN for Entire Network" I get the impression they want things pretty locked down and they don't want to leave an "alternative" egress out there that could be discovered.  After confirming things are built right, it really should be the only router on the net in a logical and physical sense (i.e. only thing connected to the upstream provider's device).


--
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
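
The "alternative egress" concern raised in the message above can be checked on the gateway's routing table. The following is an added example, not part of the original post: it reads text in the format printed by `ip -4 route show` and reports every route covering all destinations that does not leave through the VPN interface. The interface name `tun0`, the function name `find_alt_egress` and both sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag catch-all routes that bypass the VPN interface.
# stdin : routing table text as printed by `ip -4 route show`
# $1    : VPN interface name (tun0 below is an assumption)
# Prints each offending route; returns 1 if any was found, 0 otherwise.
find_alt_egress() {
    awk -v vpn="$1" '
        # "default" plus the two /1 halves that OpenVPN installs with
        # redirect-gateway def1 together cover every destination.
        $1 == "default" || $1 == "0.0.0.0/0" ||
        $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            dev = ""
            for (i = 2; i < NF; i++)
                if ($i == "dev") dev = $(i + 1)
            if (dev != vpn) { print; found = 1 }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: the def1 routes send traffic into the tunnel, but the
# original default route via eth0 remains and is used if tun0 goes down.
SAMPLE_LEAKY='default via 192.0.2.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'

# Constructed sample: only a host route to the VPN endpoint uses eth0;
# everything else has no path except the tunnel.
SAMPLE_LOCKED='default via 10.8.0.1 dev tun0
198.51.100.7 via 192.0.2.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'

# Demo run over both samples.
printf '%s\n' "$SAMPLE_LEAKY" | find_alt_egress tun0 ||
    echo "leaky table: route(s) above bypass tun0"
printf '%s\n' "$SAMPLE_LOCKED" | find_alt_egress tun0 &&
    echo "locked table: no catch-all route outside tun0"
```

On a live gateway the same function can be fed with `ip -4 route show | find_alt_egress tun0`; it covers only the main IPv4 table, so policy-routing tables and IPv6 need their own pass.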