Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do you need a static IP for OpenVPN?


  • Please log in to reply
29 replies to this topic

#1 SuperSapien64

SuperSapien64

  • Members
  • 979 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 26 March 2016 - 10:18 PM

Hi I would like to setup a VPN tunnel with OpenVPN on a Raspberry Pi. And I was wondering if I need a static IP address for a VPN tunnel using OpenVPN?  :unsure:  :scratchhead:


Edited by SuperSapien64, 26 March 2016 - 10:19 PM.


BC AdBot (Login to Remove)

 


#2 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 26 March 2016 - 10:27 PM

Technically not. In practice a static IP is helpful, in that you don't have to worry about your IP changing on you. If static IP isn't an option, consider a dynamic DNS solution. There are many free / cheap dynDNS available.


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#3 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 979 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 26 March 2016 - 10:36 PM

Technically not. In practice a static IP is helpful, in that you don't have to worry about your IP changing on you. If static IP isn't an option, consider a dynamic DNS solution. There are many free / cheap dynDNS available.

I have/use OpenDNS. Could use that for my OpenVPN tunnel?



#4 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 27 March 2016 - 09:42 AM

Long as it's the second type of dynDNS that the Wikipedia article talks about:

The second kind of dynamic DNS permits lightweight and immediate updates often using an update client, which do not use the RFC2136 standard for updating DNS records. These clients provide a persistent addressing method for devices that change their location, configuration or IP address frequently.

(bold added)
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#5 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 28 March 2016 - 03:32 AM

In theory you should not need dyndns.  dyndns is a service that runs as a client on a local computer that is connected to a online server.  When the wan ip address changes due to being dynamic the client updates the server with the new wan ip for the domain name.

 

VPNs don't deal with domain names.

 

What Openvpn does for you is they become your front on the internet.  Folks on the internet see your access as them.

 

Concerning the question of do you need a static ip.  Your ip address isn't important just as the route to the vpn server may change so can your ip address.  It's the client to server connection that matters.

 

Least that's my understanding



#6 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 28 March 2016 - 10:08 AM

In theory you should not need dyndns.  dyndns is a service that runs as a client on a local computer that is connected to a online server.  When the wan ip address changes due to being dynamic the client updates the server with the new wan ip for the domain name.
 
VPNs don't deal with domain names.
 
What Openvpn does for you is they become your front on the internet.  Folks on the internet see your access as them.
 
Concerning the question of do you need a static ip.  Your ip address isn't important just as the route to the vpn server may change so can your ip address.  It's the client to server connection that matters.
 
Least that's my understanding

I never said it was essential, only that it would helpful. A changing IP can be difficult to connect to.

You can connect to a VPN via a domain name if that domain name points to the IP, hence the DDNS suggestion.

Edited by ScathEnfys, 28 March 2016 - 10:12 AM.

Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#7 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 28 March 2016 - 01:24 PM

From the question, with no mention of hosting a vpn server, I have to conclude the OP is only using Openvpn as a outbound service which would not require a domain name.  Dynamic domain name would be only for a inbound vpn connection as in hosting a vpn server on the pi. 

 

https://openvpn.net/index.php/open-source/333-what-is-openvpn.html



#8 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 28 March 2016 - 02:39 PM

I guess I should have asked that first. Indeed, the OP only mentions a VPN tunnel which might be either way.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#9 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 979 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 30 March 2016 - 06:10 PM

VPNs are virginal territory for me. So how secure are VPN tunnels? Can they leak your IP or DNS or etc? And the reason I want to setup a VPN a R-Pi so that I can use it on my Android phone for WiFi hotspots and maybe laptop as well.



#10 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 30 March 2016 - 06:45 PM

Ok, now we know you are using a server. Glad we got that cleared up. I am going to repeat my recommendation of a DDNS service so that you don't have to worry about the IP of the VPN changing. You're also going to have to forward a port on your router to the RPi.

 

I am not sure what you mean by "leak your IP"... of course people can see the traffic going between you and your server (the RPi in this case) and the IPs of both you and the server... they just can't tell what the information passing between the two is. VPN isn't TOR, with its random shuffling between several servers. It's a point-to-point connection.


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#11 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 979 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 30 March 2016 - 07:55 PM

Ok, now we know you are using a server. Glad we got that cleared up. I am going to repeat my recommendation of a DDNS service so that you don't have to worry about the IP of the VPN changing. You're also going to have to forward a port on your router to the RPi.

 

I am not sure what you mean by "leak your IP"... of course people can see the traffic going between you and your server (the RPi in this case) and the IPs of both you and the server... they just can't tell what the information passing between the two is. VPN isn't TOR, with its random shuffling between several servers. It's a point-to-point connection.

I mean my IP address it kinda defeats the purpose of having a VPN if people can see your IP address, hence making it unsafe to do something like home banking. I don't want anything important leaking I don't care if the WiFI hotspot can see my traffic as long as other people on the Hotspot cant see me and steal information from me.



#12 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 30 March 2016 - 08:45 PM

it kinda defeats the purpose of having a VPN if people can see your IP address

I think you misunderstand the purpose of a VPN in a secure setup.

A VPN may be used for two functionally different security purposes:
1) to encrypt traffic from an insecure location and have it emerge at a different node (snoops might find your IP address, but good luck monitoring it unless they're the freaking government). This appears to be what you are trying to use it for. Just because they can see your IP doesn't mean they can see what you are doing with the VPN.

2) to provide remote access to an internal network in a secure fashion. Most IT-related businesses have a VPN Server to allow their employees to securely access their workstations from home.

If you want more info about what a VPN is, you can look at this wikipedia article. However, it is more technical than you need to know, so you don't have to read it if you don't want to. It also seems to focus on the second application of a VPN.

TL;DR: A VPN hides what you are doing on a public hotspot, at the cost of exposing an external IP (in this case, your home IP). You usually don't need to worry about other people knowing your home IP.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#13 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 31 March 2016 - 08:55 AM

"And the reason I want to setup a VPN a R-Pi so that I can use it on my Android phone for WiFi hotspots and maybe laptop as well."

 

R-Pi would have a vpn via Ethernet to OpenVPN.  You would need a wifi interface configured as a hot spot for the phone and laptop to connection.  Last but not least you would need to route from the wifi to the Ethernet like you do using windows ICS.



#14 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:10:31 AM

Posted 31 March 2016 - 11:07 AM

"And the reason I want to setup a VPN a R-Pi so that I can use it on my Android phone for WiFi hotspots and maybe laptop as well."

 

R-Pi would have a vpn via Ethernet to OpenVPN.  You would need a wifi interface configured as a hot spot for the phone and laptop to connection.  Last but not least you would need to route from the wifi to the Ethernet like you do using windows ICS.

He is talking about using it for securing public wifi hotspots. I assume the RPi will remain attached to the router at his home and act as a VPN server. Don't overcomplicate things...


Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#15 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 01 April 2016 - 11:12 AM

I didn't read it that way and doing so would be silly.

You would be coming in the same connection you are going out, which would literally cut your bandwidth in half.

If using a vpn service there is no need to that configuration since when out and about he would connect directly to the vpn service.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users