[NTLUG:Discuss] Looking for a VPN solution
Thomas Cameron
thomas.cameron at camerontech.com
Thu Aug 21 23:03:51 CDT 2003
----- Original Message -----
From: "Jack Snodgrass" <jack+ntlug at mylinuxguy.net>
Newsgroups: ntlug.discuss
To: <discuss at ntlug.org>
Sent: Thursday, August 21, 2003 9:47 PM
Subject: Re: [NTLUG:Discuss] Looking for a VPN solution
> I've had real good luck with vtund ( http://vtun.sourceforge.net/ )
I used that quite a while ago, but haven't touched it in years - will
definitely check it out.
> When you say 'dynamically addressed'... do these addresses change on
> an hourly basis or just every once in a while?
It's RoadRunner in Austin, so sometimes it goes weeks without changing but
sometimes it changes several times a day. No rhyme or reason.
> I do a vpn with vtund
> and my sites use DHCP. Whenever I get a new IP Address on my servers,
> I update the address on a central server that doesn't change its
> IP Address. As part of my vtund connection script, I get the 'latest'
> IP Address of the remote server from the central server. If the
> link goes down... when I reconnect, I re-query the server to get the
> IP Address again.
I was thinking of an awk script and scp so that every time the IP address
changes, the VPN router at each dynamic site "pushes" its address to the
central server and that triggers a DNS restart or something like that.
> When you say 'sites to see each other'.... are you talking TCP packets
> or UDP? I don't know if UDP packets go transparently across VPN networks
> like these or not. I think that you'd set up something like
Don't care a lot about UDP, it's not really used that much in MS networking.
> MAIN - 172.16.14.0 / netmask 255.255.255.0
> Remt1 - 172.16.15.0 / netmask 255.255.255.0
> Remt2 - 172.16.16.0 / netmask 255.255.255.0
We use 10.0.0.0/24, 10.0.1.0/24 and 10.0.2.0/24 - very similar.
> now... you'd use vtund and establish tunnels like
> main <--> Remt1
> main <--> Remt2
> Remt1 <--> Remt2
>
> this way, each site can talk directly to the other sites.
>
Yup, just what I was thinking about, except you mention you manually have to
restart or rebuild the tunnels. I am trying to avoid that if possible.
Looks like it's time to scriptify something.
--
Thomas Cameron, RHCE, CNE, MCSE, MCT
Cameron Technical Services, Inc.
http://www.camerontech.com/
(512) 454-3200
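The push-and-lookup scheme discussed in this message, as an added example written for this page rather than taken from the thread or from vtund: a POSIX sh sketch that extracts the site's current address, records it only when it changed, pushes the per-site file to a central server with scp, and reads a peer's published address back before a tunnel is (re)built. The central host name, the per-site file layout under $ADDR_DIR and `ip addr show` as the address source are assumptions, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread or from vtund. Assumed layout:
# one file per site ($ADDR_DIR/<site>.addr) on both the site and the
# central server; $CENTRAL is a placeholder host name.
CENTRAL="${CENTRAL:-central.example.invalid}"
ADDR_DIR="${ADDR_DIR:-/var/lib/vpn-addrs}"

# Pull the first IPv4 address out of `ip addr show <if>` output on stdin.
# Exits 1 when no address is present so a down link is detectable.
parse_ipv4() {
    awk '/^[ \t]*inet / { sub("/.*", "", $2); print $2; found = 1; exit }
         END { exit !found }'
}

# Accept only a plausible dotted quad. The published value later becomes
# a tunnel endpoint, so anything that is not an address is rejected here.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Store the address in the local per-site file only if it changed; prints
# "changed" or "same" so the caller knows whether a push is needed.
record_addr() {   # record_addr SITE ADDR
    site=$1; addr=$2; f="$ADDR_DIR/$site.addr"
    valid_ipv4 "$addr" || return 1
    if [ -f "$f" ] && [ "$(cat "$f")" = "$addr" ]; then echo same; return 0; fi
    printf '%s\n' "$addr" > "$f"; echo changed
}

# The "push": copy the site file to the central server over ssh/scp.
push_addr() {     # push_addr SITE
    scp -q "$ADDR_DIR/$1.addr" "$CENTRAL:$ADDR_DIR/$1.addr"
}

# What a reconnect script does: read the peer's last published address,
# re-validating it because the file came from another machine.
lookup_peer() {   # lookup_peer SITE
    addr=$(cat "$ADDR_DIR/$1.addr" 2>/dev/null) && valid_ipv4 "$addr" && echo "$addr"
}

# Typical cron/ifup use: ip addr show eth0 | parse_ipv4 | while read a; do
#   [ "$(record_addr remt1 "$a")" = changed ] && push_addr remt1; done
```

The address file only tells a site where to connect; whatever answers at that address is still identified by the tunnel's own authentication, not by the file.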