All,

This is a little bit OT but has some roots in Debian. More than anything I am looking for pointers to where I should be looking for tutorials or other help, as I am pretty sure there is info out there on what I want to do but am not sure what to search for. Most of my searches so far have turned up info about connecting two networks using a VPN, which seems more difficult / complicated than what I am trying to do.

I travel a lot for business and some time ago I set up OpenVPN so I can access my home network, and in particular my main PC, while travelling. I run OpenVPN on my network's firewall, which is a mini-ITX PC running LFS. The OpenVPN server is running in multi-client mode. When I will be travelling I open the relevant port on my firewall, add rules for the tun device, fire up OpenVPN on the server and on my client PC. When I come home I shut it down, as I don't need the VPN normally.

There are 2 clients for this VPN -- one is my main home PC which is a Debian Stretch machine and is connected by wired ethernet to a Buffalo AirStation which also supplies my WiFi. The WAN port of the AirStation runs to my firewall. The other client is an Android tablet where I run OpenVPN for Android.

For months I have reliably been able to connect the Android tablet and thus have connectivity from the tablet to the Debian machine while travelling. My usual drill is connect via OpenVPN, ssh from the tablet into the box, fire up a tigervncserver session and then connect from the tablet using a VNC viewer, after which I can pretty much do anything as if I were sitting in front of my home machine. For example right now I am using that configuration to send this email using mutt running on my Debian PC, while I am using my tablet in a hotel room in Singapore.

What I'd like to do now is have the option to set things up so that the tablet has NO CHOICE but to do all its interaction with the internet over the VPN. In other words, it should connect to local untrusted WiFi as normal, get an IP address from that network, and then when I fire up OpenVPN I want to arrange things such that all user / app attempts to access the internet are routed through the VPN, so they emerge onto the internet at large from my home network, not from my tablet directly. And, crucially, any attempt to talk to the tablet that doesn't come through the VPN goes ignored. Thus untrusted networks don't see my traffic, and my tablet is safe from attack from the local untrusted WiFi LAN.

I imagine I need to let some traffic go through the untrusted connection, e.g. DHCP etc. to keep the local connection to the untrusted WiFi alive, but I want that to be the absolute minimum necessary.

Is this a matter of configuring OpenVPN right, and if so can anyone point me at a good tutorial? Or do I need other software, in which case can anyone give me any pointers?

Thanks

Mark