• SolidGrue@lemmy.world
    10 months ago

    It’s peer-to-peer in that it can be configured in multiple modes on a peer by peer, interface by interface basis. You can make point to point, hub & spoke, or full mesh topologies. If you configure one of the peers for IP forwarding, it can gateway to external networks. If you configure two peers with IP forwarding and establish some routing you can build site to site topologies, or add more peers for site to multisite and full mesh site topologies. Add IP masquerade (source NAT or PAT) to any of those topologies and it can provide remote access VPN.

    It’s very flexible. Most config guides walk you through a basic remote access VPN scenario that lets remote peers access local LAN services at the one end, but not the other, and/or additionally access Internet resources via IP masquerade. The other topologies require more work, but are (edit: not) much more difficult than the remote access use case.

    • ozymandias117@lemmy.world
      10 months ago

      Thanks for the in-depth explanation.

      When I’m using it from my work laptop to work’s server to access internal sites, it feels very client -> server.

      When they said peer to peer, I was worried I was somehow also exposing my personal devices to work’s network.

      I didn’t realize there were so many other ways to set it up.
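The remote access topology described in the first comment, as an added example that is not part of the thread: it assumes the VPN under discussion is WireGuard managed with `wg-quick` (the excerpt does not name the product). All addresses, the `eth0` interface name, the endpoint hostname and the key placeholders are constructed.

```ini
# ---- gateway peer (constructed example, e.g. wg0.conf on the LAN side) ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <gateway-private-key>
# IP forwarding is what turns this peer into a gateway to the LAN behind it
PostUp = sysctl -w net.ipv4.ip_forward=1
# IP masquerade (source NAT) for tunnel clients leaving via eth0 (assumed name)
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# Remote laptop: packets from this peer are accepted only if their
# source address is inside AllowedIPs, here one tunnel address
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.2/32

# ---- remote peer (laptop), a separate config file ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <laptop-private-key>
# No IP forwarding here: the laptop does not route for other hosts

[Peer]
PublicKey = <gateway-public-key>
Endpoint = vpn.example.com:51820
# Destinations sent into the tunnel: the tunnel subnet and the LAN
# behind the gateway (192.168.10.0/24 is a constructed value)
AllowedIPs = 10.8.0.0/24, 192.168.10.0/24
PersistentKeepalive = 25
```

Access is one-way in this layout because only the gateway forwards and masquerades. The laptop's own tunnel address stays reachable from the gateway side, so that is the address to cover with a host firewall rule.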