Sunday, 5 January 2014

Virtual Ethernet LAN cable

As an ongoing effort, I am trying to connect my different homes and flats with some kind of VPN so that we can all share the same resources. I recently tried connecting my routers (which run DD-WRT or TomatoUSB) with some kind of client/server construction based on PPTP or OpenVPN. Neither protocol was to my satisfaction, as OpenVPN requires routers with more flash memory and DD-WRT is a mess with its GUI.

Enter... SoftEther

http://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN

I stumbled upon this nice piece of software one day as I was once again looking for a solution to my problem. It is just perfect for me. It's a bit similar to Hamachi, but in my opinion even a bit handier.

Imagine SoftEther as a virtual network cable that extends your existing home network to a virtual "cloud switch". Adding SoftEther to all your different home networks and connecting them to the same cloud switch simply connects all your networks on layer 2! It's really like pulling network cables from all your places to one central switch without actually pulling real cables between your homes/flats.

Those virtual network cables are routed through a special VPN tunnel and terminate in the virtual hub in the cloud. The network really behaves as if it were linked with a regular patch cable! It works so well that I was even assigned an IP address from router A's DHCP pool, even though I was actually on router B's physical net (the "problem" was solved by enabling "Filter DHCP packets on Virtual Switch").

So, like I said, this can be used to merge multiple networks into one big one. I am using this even on the same TCP/IP subnet 192.168.67.0, here is how:

Router A has 192.168.67.1 with DHCP pool ...2-...99
Router B has ...100 with DHCP pool ...101-...149
Router C has ...150 with DHCP pool ...151-...199

Every router is by default the gateway of its physical network, but all devices are in the same subnet. You can use printers, IP cams and NAS devices just like on your home network.

My network C is in a VoIP-restricted country. I can't use SIP over there: ports are blocked and deep packet inspection is running on the ISP side. SIP via VPN is not that easy either, because you can't port-forward through a VPN that easily. So my SIP phone on network C is configured manually to use IP 192.168.67.254 (outside every DHCP pool) and to use 192.168.67.1 as gateway and DNS. Router A has a port forward on port 5060 to 192.168.67.254, so it is reachable from outside.
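The plan above only holds while no two DHCP servers on the bridged layer-2 segment can hand out the same address and the manually configured phone sits outside every pool. The check below is an added example, not part of the original post; the function names and the dictionary layout are assumptions, the addresses are the ones listed above.

```python
import ipaddress

SUBNET = ipaddress.ip_network("192.168.67.0/24")

# Addressing plan from the post: router address and DHCP pool (first, last),
# given as the last octet inside SUBNET.
PLAN = {
    "A": {"router": 1, "pool": (2, 99)},
    "B": {"router": 100, "pool": (101, 149)},
    "C": {"router": 150, "pool": (151, 199)},
}
# Manually configured devices (the SIP phone on network C).
STATIC_HOSTS = {"sip-phone": 254}


def addr(octet):
    """Turn a last-octet offset into a full address inside SUBNET."""
    return SUBNET.network_address + octet


def check_plan(plan, static_hosts):
    """Return a list of conflicts; an empty list means the plan is consistent."""
    problems = []
    claimed = {}  # address -> label of whoever owns it

    def claim(ip, owner):
        reserved = (SUBNET.network_address, SUBNET.broadcast_address)
        if ip not in SUBNET or ip in reserved:
            problems.append(f"{owner}: {ip} is not a usable host in {SUBNET}")
        elif ip in claimed:
            problems.append(f"{ip} claimed by both {claimed[ip]} and {owner}")
        else:
            claimed[ip] = owner

    # Routers first, so a pool that swallows a gateway address is reported.
    for name, site in plan.items():
        claim(addr(site["router"]), f"router {name}")
    for name, site in plan.items():
        first, last = site["pool"]
        for octet in range(first, last + 1):
            claim(addr(octet), f"pool {name}")
    for host, octet in static_hosts.items():
        claim(addr(octet), f"static {host}")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN, STATIC_HOSTS) or ["plan is consistent"]:
        print(line)
```
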

Sounds like a nice setup right?

But now even better: SoftEther of course has to run on each physical network segment you want to connect to the others. You could put it on a regular desktop machine and that's fine. But it needs to run 24/7 so that the virtual cable stays up, and that's not a preferable solution: too much wasted energy.

Enter ... Raspberry Pi

There is a Linux ARM build available from SoftEther. So easy to install, so low energy, such wow, so lol.

2GB SD card, fresh Debian for Raspberry, connect the Raspberry to the router (LAN cable), power the Raspberry (I used the USB port of the routers!), ssh into your Pi, apt-get update upgrade, expand filesystem, set timezone

Meanwhile, set up a DHCP reservation for the Pi and port-forward 5555 to the Pi (only necessary for the server Pi)

Server Pi: wget the latest SoftEther Server ARM EABI build for the Pi, then follow this blog post more or less:

http://tomearp.blogspot.de/2013/11/setting-up-l2tpipsec-vpn-with-softether.html

Client Pis: wget the latest SoftEther Bridge ARM EABI build for the Pi, same procedure as for the server, just replace "server" everywhere with "bridge"

I even doubt anyone will ever read this but if someone ever does and is stuck, just comment. Just a rough sketch of what to do.

To configure all the settings on the Pis, just use the "Server Manager Tool" on any desktop machine and connect to the Pi's IP. There you can set up everything. All you need to do on the Pis is install the SoftEther modules and ensure they autostart on boot. The whole configuration is easily done from a normal computer with a nice GUI.
