Private network between multiple connections

[politas 0]

I am wondering if it is possible to set up a private vpn tunnel directly between devices connected to AirVPN, so that I can have a secure connection back to my home machine from a remote location, for SSH or whatever. This would make AirVPN a very attractive service for very small businesses, I would think. Getting VPN ability without having to set up and, maintain your own VPN infrastructure.

[zhang888 1066]

I am wondering if it is possible to set up a private vpn tunnel directly between devices connected to AirVPN, so that I can have a secure connection back to my home machine from a remote location, for SSH or whatever.
 

 

 

Hello.

You can actually achieve it simply with port forwarding.

You can do it for SSH by adding the correct port in the config file and restarting the daemon.

 

 

 

This would make AirVPN a very attractive service for very small businesses, I would think.
 

 

 

 

Quite the contrary It would make security minded people ditch the service immediately. Since it will mean that any user can access

any other VPN user's network resources without any network separation. Might be acceptable for corporate VPNs, a nightmare idea for

public VPNs. Users of public VPNs cannot be trusted on your LAN, in which most cases traditional firewalls fail - they see the RFC1918

networks as trusted by default (Air uses 10.0.0.0/8), an example is the Windows Firewall.

 

 

 

Getting VPN ability without having to set up and, maintain your own VPN infrastructure.
 

 

 

 

The only setup required is the obvious VPN tunnel, your network services configured properly, and functional port

forwarding config. Skipping thru your suggestion, all the above steps are applicable for any network service. If you

will properly forward ports, the actual LAN<->LAN traffic rule by Air will have zero negative affect on your setup. Just

make sure you have the right daemons set up properly and you will even benefit from an additional default security

layer.

[politas 0]

Hello.

You can actually achieve it simply with port forwarding.

You can do it for SSH by adding the correct port in the config file and restarting the daemon.

 

Quite the contrary It would make security minded people ditch the service immediately. Since it will mean that any user can access

any other VPN user's network resources without any network separation. 

I can only think that you've misunderstood what I'm asking. My idea is that the AirVPN client could set up a secondary secure tunnel between a single user's multiple connections. Port forwarding means leaving an open SSH server to the Internet, able to be discovered by port scanning, which I specifically don't want to do. I'd like to have a separate subnet that I know will only be accessed by someone using my AirVPN certificate. I don't want to allow any arbitrary AirVPN user to access it; that would be patently pointless.