Roadwarrior VPN access with same IP address?
-
What I'd like to achieve is that my laptop is at the same IP address when directly attached to the LAN as when it's accessing the LAN through a VPN link while being elsewhere.
Obviously, I don't want to burden the VPN link, which may have a slow connection, with things like broadcast traffic etc.
How is this best done, given that the various VPN methods all claim that one must use network addresses not used elsewhere?
It wouldn't seem to be such an outrageous idea to want a device to remain a (virtual) member of the same LAN even when not present, but I don't see an obvious way to do that with the IP address remaining stable.
-
Well, that would be a bridge setup. For example, here is a writeup of it for OpenVPN:
http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
Not sure if they have that type of setup allowed for in the GUI of pfSense?
Keep in mind if you do that sort of thing then broadcast traffic would flow over the VPN.
-
tap bridging should work on 2.1 (it did last I tried it when I fixed it up), but it's not all that straightforward to set up.
It would still involve sending broadcast/multicast/etc traffic over the bridged interface, so you'd get more traffic than you bargained for, but it should function.
Kind of an ugly setup though just to land on the same IP… Why is that needed exactly? There may be another way to get the same end result.
-
On my LAN all nodes have public, fixed IP addresses, so as far as each computer's built-in firewall and/or the pfSense box allows, each one can access any other one by a fixed IP address or FQDN, regardless of where it's located.
This of course falls apart as soon as a machine leaves the LAN, and that is what I'm trying to prevent.
The one big thing that the Internet still has that's rather outdated is the geo-IP stuff, when in fact global roaming of any given IP address should be possible (just like a mobile phone can be anywhere in the world and still be reachable by the same number).
So the goal is to destroy the geo-location dependence of the IP addresses of (in practice a few, conceptually all of) my computers, while retaining the ability to reach all of them by the same fixed IP address from any public network, regardless of where they are located.
I'd like to end up with a logical environment that's largely independent from the physical location. E.g. an rsync script shouldn't have to know where a computer is. It should only need to know its public IP address and/or FQDN, and start working, as long as the host is reachable (if the laptop is sleeping in an airplane, it won't be reachable, but it shouldn't matter if it's set up in a hotel in Nairobi, a coffee shop half a mile away from the office, or in orbit on a space station: if there's internet connectivity, it should be reachable by the same address and FQDN).
Due to the boneheadedness of Verizon, I was already forced to virtualize my entire LAN by routing the public IP addresses over a VPN link to where I am, which means theoretically I could go traveling around the world with the entire LAN, IP addresses and FQDNs remaining invariant. So now I'd like to extend that concept to individual machines.
Bridging would be just fine, if somehow I could filter the broadcast traffic…
On a fast internet connection, the amount of broadcast traffic wouldn't be an issue, because there are not that many machines involved and the net is generally fairly quiet, but when traveling one doesn't always have a fast connection, and then broadcast traffic can quickly get deadly... (think GPRS link to the internet...)
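The thread stops at "bridging, if I could filter the broadcast traffic". As an added example that is not part of the thread and not a pfSense configuration, the script below shows what that looks like on a Linux host running the OpenVPN server (pfSense is FreeBSD and would use if_bridge plus pf/ipfw instead of ebtables): a tap interface is bridged onto the LAN NIC, the laptop is pinned to its normal LAN address through a client-config-dir entry, and ebtables rules on the bridge let ARP for the laptop's own address through while dropping every other broadcast and multicast frame before it is bridged out towards the VPN link. All names and addresses (eth1, br0, tap0, 203.0.113.0/24, laptop at 203.0.113.50, client CN "laptop", the 203.0.113.200-220 pool) are constructed for the example. Commands are echoed unless APPLY=1 is set, so the generated commands can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread, not pfSense): OpenVPN tap bridge on a Linux
# server so a roadwarrior laptop keeps its LAN address, plus ebtables rules that
# keep LAN broadcast/multicast chatter off the slow VPN link.
# Constructed values: LAN NIC eth1, bridge br0, tap0, LAN 203.0.113.0/24,
# server 203.0.113.1, laptop 203.0.113.50 (client certificate CN "laptop").
set -u

BR=br0
LAN_IF=eth1
TAP_IF=tap0
LAN_MASK=255.255.255.0
SERVER_IP=203.0.113.1
LAPTOP_IP=203.0.113.50
LAPTOP_CN=laptop

# Print commands instead of running them unless APPLY=1 (review before applying).
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Server-side OpenVPN config: tap device in bridge mode. The pool is only for
# clients without a ccd entry; the laptop gets its fixed address from ccd below.
openvpn_server_conf() {
  cat <<EOF
dev $TAP_IF
proto udp
port 1194
server-bridge $SERVER_IP $LAN_MASK 203.0.113.200 203.0.113.220
client-config-dir /etc/openvpn/ccd
ca ca.crt
cert server.crt
key server.key
dh dh.pem
keepalive 10 60
persist-key
persist-tun
EOF
}

# Contents of /etc/openvpn/ccd/$LAPTOP_CN: pins the laptop to its LAN address.
openvpn_ccd_entry() {
  printf 'ifconfig-push %s %s\n' "$LAPTOP_IP" "$LAN_MASK"
}

# ebtables rules for frames bridged out of tap0. Rule order matters: ARP requests
# for the laptop's address are broadcast and must pass (LAN hosts cannot resolve
# it otherwise); all remaining broadcast and multicast is dropped on the bridge.
bridge_filter_rules() {
  cat <<EOF
ebtables -A FORWARD -o $TAP_IF -p ARP --arp-ip-dst $LAPTOP_IP -j ACCEPT
ebtables -A FORWARD -o $TAP_IF -d Broadcast -j DROP
ebtables -A FORWARD -o $TAP_IF -d Multicast -j DROP
EOF
}

bridge_filter_rule_count() { bridge_filter_rules | wc -l | tr -d ' '; }

# Create tap0, enslave it and the LAN NIC to br0, and move the server's address
# onto the bridge (the LAN NIC itself must no longer carry the address).
setup_bridge() {
  run ip tuntap add dev "$TAP_IF" mode tap
  run ip link add name "$BR" type bridge
  run ip link set "$LAN_IF" master "$BR"
  run ip link set "$TAP_IF" master "$BR"
  run ip link set "$TAP_IF" up
  run ip link set "$LAN_IF" up
  run ip link set "$BR" up
  run ip addr add "$SERVER_IP/24" dev "$BR"
}

apply_bridge_filter() {
  bridge_filter_rules | while IFS= read -r line; do
    # shellcheck disable=SC2086
    run $line
  done
}

case "${1:-}" in
  bridge) setup_bridge ;;
  filter) apply_bridge_filter ;;
  conf)   openvpn_server_conf ;;
  ccd)    openvpn_ccd_entry ;;
  "")     ;;   # no action given: only define the functions
esac
```

Usage: `sh bridge-vpn.sh conf > /etc/openvpn/server.conf`, `sh bridge-vpn.sh ccd > /etc/openvpn/ccd/laptop`, then `APPLY=1 sh bridge-vpn.sh bridge` and `APPLY=1 sh bridge-vpn.sh filter` on the server; the client side needs `dev tap` and, if the LAN's ARP caches should not have to relearn a new MAC every time the laptop moves, OpenVPN's `lladdr` option to give the tap adapter the same MAC as the laptop's wired NIC. Two caveats: the `Multicast` drop also stops IPv6 neighbour discovery and mDNS, so this is an IPv4-only filter as written; and because the laptop is a full layer-2 member of a LAN with public addresses while sitting on a hotel network, its own host firewall has to be as strict as it would be at home.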