[opensuse] How to connect two distant machines via openVPN while using KDE Plasma.
I have following project: machine A (Italy) machine B (Germany) Both machines should share a private network via openVPN. The users should not be able to access data on reciprocal homedirectories if not otherwise set. The users shall share: online games, gajim chat (local that is from machine to machine), Knotes). For the beginning: experience of mine setting this up is zero. Permissions of home: So, first thing I would like to know what permissions I have to set for the home of the users. I suppose both users interacting have to have 700 as permission (umask 077)? Correct until now? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Stakanov wrote:
I have following project: machine A (Italy) machine B (Germany)
Both machines should share a private network via openVPN. The users should not be able to access data on reciprocal homedirectories if not otherwise set. The users shall share: online games, gajim chat (local that is from machine to machine), Knotes).
For the beginning: experience of mine setting this up is zero.
Permissions of home: So, first thing I would like to know what permissions I have to set for the home of the users. I suppose both users interacting have to have 700 as permission (umask 077)? Correct until now?
You are moving too fast, slow down. Once you have a VPN established, your users will be on the same network, as if they were on the same wifi or ethernet switch. They are still on separate machines in separate countries, neither can see what the other is doing. So split things into two - a) establishing a network, with openVPN or some other means (ssh tunnelling is also an option). b) determine and enable what you want to do on this network. Whether you pick openVPN or something else, you will need to have a machine that acts as the server, the other as the client. -- Per Jessen, Zürich (9.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/11/2020 11.27, Per Jessen wrote:
Stakanov wrote:
I have following project: machine A (Italy) machine B (Germany)
Both machines should share a private network via openVPN. The users should not be able to access data on reciprocal homedirectories if not otherwise set. The users shall share: online games, gajim chat (local that is from machine to machine), Knotes).
For the beginning: experience of mine setting this up is zero.
Permissions of home: So, first thing I would like to know what permissions I have to set for the home of the users. I suppose both users interacting have to have 700 as permission (umask 077)? Correct until now?
You are moving too fast, slow down.
Once you have a VPN established, your users will be on the same network, as if they were on the same wifi or ethernet switch. They are still on separate machines in separate countries, neither can see what the other is doing.
So split things into two -
a) establishing a network, with openVPN or some other means (ssh tunnelling is also an option).
b) determine and enable what you want to do on this network.
Whether you pick openVPN or something else, you will need to have a machine that acts as the server, the other as the client.
Likely you would create user "stakanov" on both machines with the same UID. That would facilitate sharing homes, but you still need to decide how to share homes. nfs, probably. You would also need ssh logins. And it would help having remote ssh login in case the vpn fails, for repairs. Notice that it is possible to connect to a single (or more) remote port on the other machine using ssh, instead of using a full fledged vpn. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 11/7/20 5:40 AM, Carlos E. R. wrote:
On 07/11/2020 11.27, Per Jessen wrote:
Stakanov wrote:
I have following project: machine A (Italy) machine B (Germany)
Both machines should share a private network via openVPN. The users should not be able to access data on reciprocal homedirectories if not otherwise set. The users shall share: online games, gajim chat (local that is from machine to machine), Knotes).
For the beginning: experience of mine setting this up is zero.
Permissions of home: So, first thing I would like to know what permissions I have to set for the home of the users. I suppose both users interacting have to have 700 as permission (umask 077)? Correct until now?
You are moving too fast, slow down.
Once you have a VPN established, your users will be on the same network, as if they were on the same wifi or ethernet switch. They are still on separate machines in separate countries, neither can see what the other is doing.
So split things into two -
a) establishing a network, with openVPN or some other means (ssh tunnelling is also an option).
b) determine and enable what you want to do on this network.
Whether you pick openVPN or something else, you will need to have a machine that acts as the server, the other as the client.
Likely you would create user "stakanov" on both machines with the same UID. That would facilitate sharing homes, but you still need to decide how to share homes. nfs, probably.
You would also need ssh logins.
And it would help having remote ssh login in case the vpn fails, for repairs.
Notice that it is possible to connect to a single (or more) remote port on the other machine using ssh, instead of using a full fledged vpn.
I use AnyDesk. https://anydesk.com/en -- There are four boxes to be used in the defense of liberty: soap, ballot, jury and ammo. Please use in that order. The soap box represents exercising one's right to freedom of speech to influence politics to defend liberty. The ballot box represents exercising one's right to vote to elect a government which defends liberty. The jury box represents using jury nullification to refuse to convict someone being prosecuted for breaking an unjust law that decreases liberty. The ammo box represents exercising one's right to keep and bear arms to oppose, in armed conflict, a government that decreases liberty. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 07 Nov 2020 11:27:03 +0100 Per Jessen <per@computer.org> wrote:
Stakanov wrote:
I have following project: machine A (Italy) machine B (Germany)
Both machines should share a private network via openVPN. The users should not be able to access data on reciprocal homedirectories if not otherwise set. The users shall share: online games, gajim chat (local that is from machine to machine), Knotes).
For the beginning: experience of mine setting this up is zero.
Permissions of home: So, first thing I would like to know what permissions I have to set for the home of the users. I suppose both users interacting have to have 700 as permission (umask 077)? Correct until now?
It depends on how your user accounts are set up. If they share a common default group (id not name) then yes, you'll need to remove the group permissions on their home directories, but if they have their own groups (different IDs) then it's not necessary. There's no general answer - it all depends on exactly what the situation is. You'll need to check, configure and test.
You are moving too fast, slow down.
Once you have a VPN established, your users will be on the same network, as if they were on the same wifi or ethernet switch. They are still on separate machines in separate countries, neither can see what the other is doing.
So split things into two -
a) establishing a network, with openVPN or some other means (ssh tunnelling is also an option).
b) determine and enable what you want to do on this network.
Whether you pick openVPN or something else, you will need to have a machine that acts as the server, the other as the client.
I'm confused, Per. You say that the users will (effectively) be on two machines on the same network, so I'm not sure why 'a server' is required. Won't the arrangements depend on what the users want to do? If user A has some games to share, then either the game is networked or there needs to be something like an NFS share for that game. But if user B has another game, then they will need to run the NFS export. There's no concept of 'a server' I don't think; just whatever is required to make the particular applications work across a network. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/11/2020 12.46, Dave Howorth wrote:
On Sat, 07 Nov 2020 11:27:03 +0100 Per Jessen <> wrote:
...
You are moving too fast, slow down.
Once you have a VPN established, your users will be on the same network, as if they were on the same wifi or ethernet switch. They are still on separate machines in separate countries, neither can see what the other is doing.
So split things into two -
a) establishing a network, with openVPN or some other means (ssh tunnelling is also an option).
b) determine and enable what you want to do on this network.
Whether you pick openVPN or something else, you will need to have a machine that acts as the server, the other as the client.
I'm confused, Per. You say that the users will (effectively) be on two machines on the same network, so I'm not sure why 'a server' is required.
It is not the same "act as the server" as "requiring a server".
Won't the arrangements depend on what the users want to do? If user A has some games to share, then either the game is networked or there needs to be something like an NFS share for that game. But if user B has another game, then they will need to run the NFS export. There's no concept of 'a server' I don't think; just whatever is required to make the particular applications work across a network.
When a machine shares a directory via nfs, then it is acting as a server. You have to run NFS server on it. :-) -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Dave Howorth wrote:
I'm confused, Per. You say that the users will (effectively) be on two machines on the same network, so I'm not sure why 'a server' is required.
I guess I wasn't being very clear. I meant - to establish a VPN, one machine will have to act as a server, the other(s) as a client. Once the VPN is up, the machines are on the same (virtual) network. What they do then is step 2.
Won't the arrangements depend on what the users want to do? If user A has some games to share, then either the game is networked or there needs to be something like an NFS share for that game. But if user B has another game, then they will need to run the NFS export. There's no concept of 'a server' I don't think; just whatever is required to make the particular applications work across a network.
There may or may not be, it depends. To have an NFS share, something needs to serve it etc. Often a network game is hosted by one machine, "the server". Stakanov mentioned a chat mechanism, typically there will also be something hosting that. -- Per Jessen, Zürich (10.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 07 Nov 2020 13:02:19 +0100 Per Jessen <per@computer.org> wrote:
Dave Howorth wrote:
I'm confused, Per. You say that the users will (effectively) be on two machines on the same network, so I'm not sure why 'a server' is required.
I guess I wasn't being very clear. I meant - to establish a VPN, one machine will have to act as a server, the other(s) as a client. Once the VPN is up, the machines are on the same (virtual) network. What they do then is step 2.
Ah right, you mean for the VPN connection. I thought you were talking about step 2.
Won't the arrangements depend on what the users want to do? If user A has some games to share, then either the game is networked or there needs to be something like an NFS share for that game. But if user B has another game, then they will need to run the NFS export. There's no concept of 'a server' I don't think; just whatever is required to make the particular applications work across a network.
There may or may not be, it depends. To have an NFS share, something needs to serve it etc. Often a network game is hosted by one machine, "the server". Stakanov mentioned a chat mechanism, typically there will also be something hosting that.
Yes, exactly. There may be multiple servers or none. It depends on just what applications are running. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Bill Walsh -
Carlos E. R. -
Dave Howorth -
Per Jessen -
Stakanov