Opened 7 years ago

Last modified 5 years ago

#1165 confirmed enhancement

OpenVPN: New feature: site-to-site VPN with two Fonera

Reported by: sboniolo@…
Owned by:
Priority: normal
Milestone: Firmware 2.3
Component: fon-plugin-openvpn
Version: N/A
Severity: major
Cc: priv8.contact@…
Hardware: 2.0n (FON2300)

Description

I recently purchased and installed my second Fonera, Fonera N this time! I easily configured OpenVPN to access the home network from my PC, but one thing that I think might be useful is to set up two or more "Fonera" to get a site-to-site VPN. The OpenVPN package allows this; because OpenVPN is deeply integrated into LaFonera functionality, in my opinion it would be inexpensive and very useful to have this functionality (perhaps, wanting to exaggerate, not limited to 2 subnets). I remain available for any questions or concerns.

Simone Boniolo

Change History (6)

comment:1 Changed 7 years ago by Jon "The Nice Guy" Spriggs <jon@…>

In all honesty, I think that, given the amount of rework that would be required to get the OpenVPN client behaving like this, it would be a better idea to perhaps create a separate plugin for this.

In this way, you could add new startup files to /etc/init.d/, configure the VPN settings appropriately (perhaps as openvpn.site-to-site.x in UCI), set up proper routing and firewall rules, and use the TAP rather than TUN interface for your tunnel.

It's a lot of work, but I think it's pretty do-able, especially if you base the work off the code in source:trunk/luci/applications/luci-openvpn

comment:2 Changed 7 years ago by matthijs

  • Milestone set to Firmware 2.3
  • Severity changed from unknown to major
  • Status changed from new to confirmed

A separate luci application would certainly make sense, not sure if it should be a separate plugin (since the OpenVPN binary is already included in the firmware, the plugin would mostly contain lua files, which aren't very big. Also, this feature might require changes to the networking core of the firmware, which is hard to do from a plugin).

Furthermore, I think the biggest challenge is to get this feature to play nicely with all the existing networking and firewalling code (to be honest, some of it has become a bit messy over time).

In any case: This feature would be awesome to add, but it's too much work for 2.3.7.0.

Jon, if you'd like to have a stab at this, I'd welcome that. If you have any questions or want some feedback, feel free to bugger me (easiest is through irc, probably).

comment:3 Changed 7 years ago by matthijs

Just one addition: I think it would be useful to make this a slightly more generic OpenVPN client feature, so not limited to a Fonera -> Fonera VPN.

comment:4 Changed 7 years ago by matthijs

  • Cc priv8.contact@… added

#1193 is a duplicate of this ticket.

comment:6 Changed 5 years ago by B. Austin

Is there an updated link to the info for configuring as an OpenVPN client please?
