Hey there, I'm building a free VPN network... The idea is to provide a basic VPN PPTP server and let the community grow it by expanding the network, adding resources...
With that network, we can share and make things like VoIP in a private way because we are using VPN... no controls, no problems with public authorities because it's not public.
The objective is to make it so that everyone can use it, but for that I need your help to make it grow by adding what you can to the network and helping me with managing it... If someone is interested or has some ideas, feel free to share them and tell me if you're interested and in which way you can help to make this network grow...
How bad is it? Very. Microsoft PPTP is very broken, and there's no real way to fix it without taking the whole thing down and starting over. This isn't just one problem, but six different problems, any one of which breaks the protocol.
When you say it won't be public, do you mean that people can connect to it and communicate with each other and not use it to access the internet? Because I may be interested in playing around with something like that.
Well you can still go online with it... but you can build an infrastructure on the VPN that doesn't need to go on the "internet" but stays in a private network...
If you are looking into interconnecting multiple clients/users/clusters you might want to take a look at dn42 [1]. It's very nice. You learn a lot about routing (bird & similar), DNS and other stuff additionally if you or others are interested.
Thank you man, it's exactly what I'm searching for, but instead of being the only administrator of this network, I'll just let it go and allow everyone to connect to this VPN and give resources...
So if the community wants something, they can help me and make their thing to make a big network
I'm working on installing an OpenVPN server... But I'm a little bit lost with the certificates... I don't really see an easy way to connect everyone on a network that uses certificates like that...
You can search for scripts handling most of the difficult part of authentication, or use 1 openvpn per user and teach them to interconnect even.
As most sites rightfully suggest certificates to be the best practice, try something ~automated: https://github.com/fluffle/ca-scripts or similar projects out there.
So my objective is to make something like this... a sort of gigantic virtual LAN true VPN where everyone can make what he wants. The difference between this and Internet is that because it's VPN we're on a private infrastructure from the point of view of law and no-one is ruling this network
I actually don't know if we could make it work... maybe using PPTP and OpenVPN to make it available for everyone...
But I don't know if it's gonna work... I want for example that users that are connected to the C VPN server can access resources that are connected to D VPN
I would just use openvpn for this, it works on every platform and is fast and secure. It should be fairly straightforward enough to set up. You'd just have to set static routes on the VPN servers so they all know how to access the networks attached to them. The users would either have to have those routes pushed to them or use the VPN as the default gateway (which will mean all internet traffic is sent through the VPN). Personally I wouldn't want to do that as there's no way to trust that the VPN servers aren't doing anything dodgy with the traffic, but that's easy enough for each user to configure themselves.
You'll need a DNS server on the network that will be pushed to the clients so that they can resolve the network resources. An external DNS server will be handy as well so that vpn.whatever.com will be resolved randomly to any of the VPN servers, which will aid in load balancing. You could also have us.vpn.whatever.com and au.vpn.whatever.com to resolve to specific servers based on location if people want to connect based on proximity.
Thanks... It'll be great if you could help me... For the external DNS's I've already got one with one of my domain names, network.adct.tech. I'll change it to rename it fr.adct.tech (but it can be, as it grows, that we get more French servers). If you can set up a second VPN server handling the certificates and create an internal DNS, it'll help me a lot... If you do so, I can add an entry in DYDNS on my domain name for your VPN server
I think the best approach will be to connect each server to each other server and configure the routes between them manually, then push all the routes to the clients when they connect.
Tomorrow I will see if I can get a second openvpn instance working on my server and let you know.
Okay, on my side, I'll try to get my OpenVPN working. I'll reset the VPS and upgrade it to Ubuntu Server 16.04 instead of 14.04 and try to play on my side with the certificates. Where are you located so I can know where your server probably will be?
set your VPN network to 10.100.0.0 and I'll use 10.101.0.0. I'll send you some certs in a minute. Once I play around with the server I'll let you know what will work for the routing stuff.
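The split-tunnel routing described in the replies above, as an added example that is not from any poster in the thread: a server-side OpenVPN configuration for the 10.100.0.0 side that routes to 10.101.0.0 and pushes only the private routes and an internal DNS server to clients, instead of acting as their default gateway. The /24 netmasks, the file names, the `server-b` certificate name and the DNS address 10.100.0.1 are assumptions.

```conf
# /etc/openvpn/server-a.conf  (constructed example; file names are assumptions)
port 1194
proto udp
dev tun
topology subnet

# PKI: one CA for the whole network; every server and user has its own cert.
ca   ca.crt
cert server-a.crt
key  server-a.key        # private key stays on this host only
dh   dh.pem
remote-cert-tls client   # peers must present a certificate issued for client use

# Address pool for peers of server A (a /24 is assumed; the thread gives no mask).
server 10.100.0.0 255.255.255.0

# Server B's network is reached through the peer whose certificate CN is
# "server-b" (hypothetical name). "route" installs the kernel route on this
# host; the matching "iroute" goes in ccd/server-b (shown at the bottom).
client-config-dir ccd
route 10.101.0.0 255.255.255.0

# Split tunnel: clients learn only the private networks and the internal DNS
# (assumed to listen on the server's own VPN address).
push "route 10.101.0.0 255.255.255.0"
push "dhcp-option DNS 10.100.0.1"

# Deliberately not pushed: this would send all of a user's internet traffic
# through a server the user has no way to audit.
;push "redirect-gateway def1"

keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3

# --- ccd/server-b : separate file, named after the peer certificate's CN ---
# iroute 10.101.0.0 255.255.255.0
```

Both servers also need IP forwarding enabled (`net.ipv4.ip_forward=1`), and server B needs the mirror-image configuration pushing `route 10.100.0.0 255.255.255.0` to its own clients.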