VPN internet connection to net for some machines on LAN

iamhungry

New Around Here
I am looking for a little advice/help on the best way to set this up:

-All static IPs, no DHCP, all on the same 192.168.24.X subnet
-Home LAN with 5 physical machines
-Personal lab/playground with 15 KVM VMs on a single Ubuntu 12.04 host using bridged interfaces (that means the VMs have IPs on the same network as the host, they connect directly to the router. No NAT used between VM and VM host)
-Physical router is WW-WRT (v24-sp2) that has a PPPoE fiber connection to the internet

I want to use an OpenVPN connection from vpntunnel.se to connect to the internet on some machines, but not all. Just the VMs using the VPN would be OK, but I'd rather be able to decide on a per-machine basis, and change the connection easily.

I connected the VM host machine to the VPN, and can get on the internet with it. The problem is, because I am connecting the Ubuntu box directly to the VPN, the tunnel goes through my firewall. vpntunnel.se doesn't block any ports so I have some open visible ports. iptables on the Ubuntu box is the temporary fix, but I cannot remember to check the individual firewalls on all of my test VMs when I am messing around.

The only thing I could think of was to create a virtual router, and connect it to the VPN. Then use it for the gateway of the VMs I want to use the VPN, and use the WW-WRT physical router for traffic not using the VPN. So I created a pfSense VM and set it up as the gateway for a VM, all still only using a single subnet. DNS is acting weird, and not always resolving correctly. I am guessing it is because I am using NAT twice, but I am not smart enough to figure out the best way to set this up. Maybe creating a second subnet 192.168.25.X that goes to the VPN, and leave the current subnet for non-VPN traffic?

With my thrown-together hack job, a VM connects like this:
VM1(192.168.24.200) --- Virtual pfSense Router(LAN IP 192.168.24.10 - WAN IP 192.168.24.11) --- VPN tunnel through physical router (LAN IP 192.168.24.1) --- the internets (WAN IP from vpntunnel.se)

I am pretty sure having the LAN IP and WAN IP on the virtual router is probably not the best way to do this. But I have no idea how I should set it up. In my amateur logic, doing it this way means changing the gateway on the VM (or physical machine) would put me on, or take me off the VPN.

Security is not a major concern. There is nothing that valuable/interesting/incriminating on my LAN :)
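
Added example, not part of the original post: a dry-run generator for the rules a Linux gateway holding the tunnel could apply, so that unsolicited inbound traffic arriving over the VPN is dropped in one place and only chosen 192.168.24.X machines are routed through it. The interface name `tun0`, routing table `100`, the helper names and the client addresses are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's configuration). Prints commands for review;
# nothing is applied. Assumed: tunnel is up as tun0, spare routing table 100.

# Accept only host addresses inside the thread's 192.168.24.X subnet.
valid_client() {
    case "$1" in
        192.168.24.*) ;;
        *) return 1 ;;
    esac
    last=${1#192.168.24.}
    case "$last" in
        ''|*[!0-9]*) return 1 ;;   # empty, or extra dots/letters
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# usage: vpn_gateway_rules <tun-if> <table-id> <client-ip>...
vpn_gateway_rules() {
    tun=$1; table=$2; shift 2
    for ip in "$@"; do
        valid_client "$ip" || { echo "bad client address: $ip" >&2; return 1; }
    done
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default dev $tun table $table
iptables -A INPUT -i $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $tun -j DROP
iptables -A FORWARD -i $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $tun -j DROP
iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE
EOF
    # One policy-routing rule per machine that should leave via the VPN.
    # Removing a machine later is "ip rule del from <ip> lookup <table>".
    for ip in "$@"; do
        echo "ip rule add from $ip lookup $table"
    done
}

# Constructed sample: route only VM1 from the post through the tunnel.
vpn_gateway_rules tun0 100 192.168.24.200
```

The INPUT and FORWARD drops on the tunnel interface cover both the gateway itself and every machine behind it, so the per-VM firewalls stop being the only barrier on the VPN side.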