search

freelan-developers / freelan

The main freelan repository.
http://www.freelan.org
Other
1.35k stars 200 forks source link

How to setup FreeLAN for a Gaming on virtual network and without access from VPN to external internet #186

Open thejustsoul opened 5 years ago

thejustsoul commented 5 years ago

Please help me set up a FreeLAN for games on a virtual network with friends. There is conditionally one server (Linux Debian (St also on Windows 8.1 as reserve that configs approached if that), with white IP and open port) and many clients (Windows XP, 7, 8.., etc). It is necessary that clients saw each other (that the host of any game could become any of them) that passed pings and other, i.e. as a usual local area network. Still it is necessary to forbid VPN clients to go through the VPN server to the Internet, i.e. that all clients had access only to each other. And we need to address is issued by server via DHCP, not to specify the IP each time to a new client.

thejustsoul commented 5 years ago

Main server (on Windows 8.1 who also acts as a client) have config:

[tap_adapter]
ipv4_address_prefix_length=9.0.0.1/24
ipv6_address_prefix_length=2aa1::1/8
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
[security]
passphrase=secret

Now for clients such config: Client1

[fscp]
contact=main_server_ip:12000
[tap_adapter]
ipv4_address_prefix_length=9.0.0.2/24
ipv6_address_prefix_length=2aa1::2/8
[security]
passphrase=secret

Client2

[fscp]
contact=main_server_ip:12000
[tap_adapter]
ipv4_address_prefix_length=9.0.0.3/24
ipv6_address_prefix_length=2aa1::3/8
[security]
passphrase=secret

Client3

[fscp]
contact=main_server_ip:12000
[tap_adapter]
ipv4_address_prefix_length=9.0.0.4/24
ipv6_address_prefix_length=2aa1::4/8
[security]
passphrase=secret

Is that right? Or something superfluous or something is missing? Not satisfied that the IP-addresses are written manually, and not issued by the server. Is the transmitted data encrypted? Help please.

richman1000000 commented 4 years ago

you need dynamic contacts to work as real local network

guilhermecugler commented 3 years ago

you need dynamic contacts to work as real local network

can you show me an example of how to do?

richman1000000 commented 3 years ago

for Dynamic contact you need certificate based authentication I use XCA to generate certificates. it has GUI, really simple and fast

can you show me an example of how to do? I've described it right here https://github.com/freelan-developers/freelan/issues/206#issuecomment-575145130 also here is my working config freelan.txt

don't forget: we have a bug #225. you need to restart freelan instance on your main server every 20 munutes so the NAT port will stop stacking

guilhermecugler commented 3 years ago

@richman1000000 I can ping PC1 with SERVER and PC2 with SERVER, but cant ping PC1 with PC2

SERVER:

[tap_adapter]
ipv4_address_prefix_length=9.0.0.1/24
ipv6_address_prefix_length=2aa1::1/8
dhcp_proxy_enabled=yes
dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
dhcp_server_ipv6_address_prefix_length=2aa1::/8
ipv4_dhcp=true
[security]
passphrase=secret

PC1:

[fscp]
contact=SERVER_IP:12000
[tap_adapter]
ipv4_address_prefix_length=9.0.0.2/24
ipv6_address_prefix_length=2aa1::2/8
[security]
passphrase=secret

PC2:

[fscp]
contact=SERVER_IP:12000
[tap_adapter]
ipv4_address_prefix_length=9.0.0.3/24
ipv6_address_prefix_length=2aa1::2/8
[security]
passphrase=secret

how can I ping PC1 with PC2?

Its ok if I need assign the ip manually All devices use Windows

richman1000000 commented 3 years ago

again. you need CA and DYNAMIC CONTACT!!!! ~passphrase=secret~

richman1000000 commented 3 years ago

PC1

dynamic_contact_file=PC2.crt 
ipv4_address_prefix_length=9.0.0.2
never_contact=9.0.0.2

PC2

dynamic_contact_file=PC1.crt
ipv4_address_prefix_length=9.0.0.3
never_contact=9.0.0.3
richman1000000 commented 3 years ago

This part is responsible for dynamic connection

server: 

authority_certificate_file=CA.crt
signature_certificate_file=VPNserver.crt
signature_private_key_file=VPNserver.pem

PC1:

authority_certificate_file=CA.crt
signature_certificate_file=PC1.crt
signature_private_key_file=PC1.pem
dynamic_contact_file=PC2.crt

PC2:

authority_certificate_file=CA.crt
signature_certificate_file=PC2.crt
signature_private_key_file=PC2.pem
dynamic_contact_file=PC1.crt
guilhermecugler commented 3 years ago

This part is responsible for dynamic connection

server:

authority_certificate_file=CA.crt
signature_certificate_file=VPNserver.crt
signature_private_key_file=VPNserver.pem

PC1:

authority_certificate_file=CA.crt
signature_certificate_file=PC1.crt
signature_private_key_file=PC1.pem
dynamic_contact_file=PC2.crt

PC2:

authority_certificate_file=CA.crt
signature_certificate_file=PC2.crt
signature_private_key_file=PC2.pem
dynamic_contact_file=PC1.crt

I understand now, thank you!!! I am very begginer sorry for all the dumb questions haha

lkobus commented 2 years ago

@guilhermecugler did you manage to make this work? I would like to know your point of view and the results you achived.

guilhermecugler commented 2 years ago

@guilhermecugler did you manage to make this work? I would like to know your point of view and the results you achived.

yes, but I had to generate 1 certificate for each new machine, I even managed to generate it automatically for a while but it stopped working... I ended up migrating to OpenVPN which suited me perfectly. (the lan was for a p2p game)

ysn2382617094wsw commented 1 year ago

@guilhermecugler I'm trying to use Openvpn to play LAN games, but I can't find other players in the LAN game list. Is there a way to solve it?