Help with VPN Quarantine Project

Hello Level1~ (^^)/)

What with the quarantine going on, lots of us have more time on our hands… time to work on projects that had fallen fairly low on the to-do list.

Not long ago I discovered the joys of ssh and sftp.
All of my machines run Linux. All of my housemates have Macs. So everything in the house is Unix-based. Even my Windows machine has WSL up and running for built-in ssh.
It’s become my new favourite thing to just ssh into my machines via laptop to update them. Or to pull a D&D sheet from another computer to a mate’s laptop without having to get up, find a thumb drive, and, y’know, physically move. Like a pleb. :stuck_out_tongue:

Now I’m getting greedy. I want more. I’m looking beyond just my local network at sending files to even more faraway friends!

Conceptually… a VPN looks like exactly what I want to do; send files from my “main business headquarters” (here) to “satellite offices” (my other techie friends) through… some tunneling trickery that puts us on the same local network. I think?
I picked up an A+ cert last year and Linux is a major hobby, but man, this networking business is somewhat over my head.

It probably doesn’t help that I want to do everything the hard way, using FOSS, over the command line. But it truly makes everything easier for me in the long run once I can wrap my head around things.

From what I can understand… the “outside machine” would log in with their VPN credentials… then tunnel to/connect to an “entry point” machine on my home network… (like an RPi4) and from there… the outside machine should have access to any network attached storage… I think? I’ve been struggling with this on and off for a few weeks and just haven’t been able to figure things out. @_@

I think I know what I’m trying to do, but… at this point, some hand-holding would be greatly appreciated. x_x

Goals: 1) To use OpenVPN (or even better PiVPN) to send a file via command line from Desktop “A” (in America) to Laptop “B” (in Australia.)
(Hard to think of a more extreme test in terms of distance, hey? :stuck_out_tongue:)

Any help at all is super appreciated!! Even if it’s just referring me to the proper pages on the ArchWiki or wherever.

PiVPN has moved to WireGuard as the primary method, but OpenVPN is still an option. WireGuard is built into the Linux kernel in 5.5+ (if less it’s a module), and Mac and Windows clients are available iirc. It’s pretty clean and slick, performant as well. Some things to remember are to do DDNS if not using a static WAN IP (or VPS). Doesn’t matter if they are in Australia or next door, VPN is a VPN.

Edit: the PiVPN installer does put the client on the same subnet as the device is, so yes, VPN users would be able to access the same storage resources.

PiVPN looks like OpenVPN, WireGuard, and a bunch of other stuff stapled together, but it also looks like it does most of the work for you, which in the case of OpenVPN is probably for the best.
This guide looks pretty solid:

Basically. There are a lot of different configurations you can do with OpenVPN including having it spawn isolated sandbox subnets, or just having clients merge into the local subnet. You probably want the latter, though you need to trust your clients not to mess with anything else on the local LAN, or think of ways to restrict them. It’s a versatile tool.
So you set up an OpenVPN server on the Raspberry Pi, forward whatever port it’s running on from the internet to that RPi on the router and people connected to the internet should be able to connect to that server.
Then you just need a way to get the server’s public certificates to your users, and find a way to inform your users of the server’s IP address (unless you have DNS/Dynamic DNS in place already). That covers most of it at a high level I think.

As for file transfer there’s a million plus options. From the command line most of them are horrible, but SCP, FTP, or DC++ are fairly established for sharing files.
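
One way to act on the "think of ways to restrict them" point in the reply above, as an added example that is not from the thread or from PiVPN: a small shell helper that emits iptables rules for the Pi so VPN clients can reach only one NAS service (SSH/SFTP here). It assumes a routed tunnel interface; the interface name `tun0`, the NAS address `192.168.1.50` and the chain name `VPN_CLIENTS` are constructed values.

```shell
#!/bin/sh
# Added example: emit iptables rules that limit VPN clients to one NAS service.
# Assumptions: routed tunnel (tun0 for OpenVPN, wg0 for WireGuard); the
# interface name, NAS address and port used below are constructed values.

is_ipv4() {
    # Dotted quad only, each octet 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    ip_old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$ip_old_ifs
    [ "$#" -eq 4 ] || return 1
    for ip_octet in "$@"; do
        [ "${#ip_octet}" -le 3 ] && [ "$ip_octet" -le 255 ] || return 1
    done
}

vpn_fw_rules() {
    fw_if=$1; fw_nas=$2; fw_port=${3:-22}
    # Reject anything that is not a plain interface name, IPv4 address or
    # port, because the output is meant to be piped into a root shell.
    case "$fw_if" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*)
            echo "bad interface name" >&2; return 1 ;;
    esac
    is_ipv4 "$fw_nas" || { echo "bad NAS address" >&2; return 1; }
    case "$fw_port" in
        ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;;
    esac
    [ "$fw_port" -ge 1 ] && [ "$fw_port" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    # Forwarded traffic arriving from the tunnel: allow replies, allow new
    # connections to the NAS service only, drop everything else (this also
    # stops clients from using the Pi as an internet gateway).
    cat <<EOF
iptables -N VPN_CLIENTS
iptables -A VPN_CLIENTS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A VPN_CLIENTS -d $fw_nas -p tcp --dport $fw_port -j ACCEPT
iptables -A VPN_CLIENTS -j DROP
iptables -I FORWARD 1 -i $fw_if -j VPN_CLIENTS
EOF
}

# Review the output first, then apply it on the Pi, e.g.:
#   vpn_fw_rules tun0 192.168.1.50 22 | sudo sh
if [ "$#" -gt 0 ]; then vpn_fw_rules "$@"; fi
```

These rules only cover traffic forwarded through the Pi; services listening on the Pi itself are governed by its INPUT chain and need their own rules.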