I'm looking to set up a VPN server and I'm trying to figure out what software to use. My problem is that I have no idea what the term for the arrangement I want is, so I can't really google for it. What I want is to have a "virtual" LAN where the only access is by VPN, where having access to the VPN only gives you access to other VPN clients; not to the general internet, and not to the server running the VPN.
My primary use case is getting uniform access between clients I own where one or both may be behind a NAT and/or firewall that may not have a consistent IP.
(p.s. Given my budget I'll have to stick with freeware/FOSS.)
Edit: The VPN server is not in the same NAT/Firewall/IP situation. It's able to serve up whatever I want from a static IP.
I really enjoy working with OpenBSD (PF); along with OpenVPN you can create the type of setup you are looking for... if I understand properly.
When I first got my hands on PF I found that documentation very enlightening. http://www.kernel-panic.it/openbsd/vpn/index.html
You can do it with OpenVPN.
There are two gotchas however:
Configure routing/firewall on router in a way that will block packets between tun interface and other interfaces.
Enable client-to-client in openvpn config (just add it in .conf file on server).
OpenVPN by default will provide same IP address to client on reconnect. There are cases where it may not happen: pool running out of IPs, configuration moved to other server without files in /var, etc.
To assure same IP on reconnects, use client-config-dir directive. In it you create files with the same name as the DN of client's certificate, then it's just add there
    ifconfig-push <ip-of-server-in-vpn> <ip-of-client>
where server's IP is the one on tun interface (private IP)
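
As an added example (not part of the original answers): a POSIX shell check that a server config has client-to-client and client-config-dir set, and that every file in the client config directory pins a distinct address with ifconfig-push. The sample config, addresses and client names in demo() are constructed.

```shell
# Added example: audit an OpenVPN server config for the directives named above.
# File layout and client names in demo() are constructed for illustration.

# Succeeds if directive $2 appears uncommented in config file $1.
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Prints one finding per line for server config $1; returns 0 only if clean.
audit_vpn() {
    conf=$1 rc=0
    has_directive "$conf" client-to-client ||
        { echo "missing client-to-client"; rc=1; }
    ccd=$(awk '$1 == "client-config-dir" { print $2; exit }' "$conf")
    [ -n "$ccd" ] || { echo "missing client-config-dir"; return 1; }
    # Assumption: a relative client-config-dir is relative to the config's directory.
    case $ccd in /*) ;; *) ccd=$(dirname "$conf")/$ccd ;; esac
    seen=" "
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        # OpenVPN manual: ifconfig-push <local> <remote-netmask>, where <local>
        # is the address the client itself uses inside the VPN.
        ip=$(awk '$1 == "ifconfig-push" { print $2; exit }' "$f")
        if [ -z "$ip" ]; then
            echo "no ifconfig-push: ${f##*/}"; rc=1
        else
            case $seen in
                *" $ip "*) echo "duplicate address $ip: ${f##*/}"; rc=1 ;;
            esac
            seen="$seen$ip "
        fi
    done
    return $rc
}

# Constructed sample: two clients pinned to distinct addresses, one left unpinned.
demo() {
    d=$(mktemp -d)
    mkdir "$d/ccd"
    printf '%s\n' 'dev tun' 'server 10.8.0.0 255.255.255.0' 'topology subnet' \
        'client-to-client' 'client-config-dir ccd' > "$d/server.conf"
    echo 'ifconfig-push 10.8.0.10 255.255.255.0' > "$d/ccd/laptop"
    echo 'ifconfig-push 10.8.0.11 255.255.255.0' > "$d/ccd/desktop"
    : > "$d/ccd/phone"
    status=0
    audit_vpn "$d/server.conf" || status=$?
    rm -rf "$d"
    return $status
}
```

With client-to-client set, OpenVPN routes traffic between clients internally instead of passing it through the tun interface, so the server's packet filter does not see those packets.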