[NTLUG:Discuss] Looking for a VPN solution
Jack Snodgrass
jack+ntlug at mylinuxguy.net
Fri Aug 22 06:45:47 CDT 2003
On Thu, 21 Aug 2003 23:03:51 -0500, Thomas Cameron wrote:
> ----- Original Message -----
> From: "Jack Snodgrass" <jack+ntlug at mylinuxguy.net>
> Newsgroups: ntlug.discuss
> To: <discuss at ntlug.org>
> Sent: Thursday, August 21, 2003 9:47 PM
> Subject: Re: [NTLUG:Discuss] Looking for a VPN solution
>
>
>> I've had real good luck with vtund ( http://vtun.sourceforge.net/ )
>
> I used that quite a while ago, but haven't touched it in years - will
> definitely check it out.
>
>> When you say 'dynamically addressed'... do these addresses change on
>> an hourly basis or just every once in a while?
>
> It's RoadRunner in Austin, so sometimes it goes weeks without changing but
> sometimes it changes several times a day. No rhyme or reason.
>
>> I do a vpn with vtund
>> and my sites use DHCP. Whenever I get a new IP Address on my servers,
>> I update the address on a central server that doesn't change its
>> IP Address. As part of my vtund connection script, I get the 'latest'
>> IP Address of the remote server from the central server. If the
>> link goes down... when I reconnect, I re-query the server to get the
>> IP Address again.
>
> I was thinking of an awk script and scp so that every time the IP address
> changes, the VPN router at each dynamic site "pushes" its address to the
> central server and that triggers a DNS restart or something like that.

On my setup, I have a cron job that runs every 'x' minutes that uses wget
to 'ping' a remote web server. It accesses a cgi script I wrote on the
web server that records the IP Address of my remote client. My vtund
scripts also run the same wget command. I then have another .cgi
( myaddress.cgi ) that the remote server can use to 'get' the ip address
of my remote systems.

> Yup, just what I was thinking about, except you mention you manually
> have to restart or rebuild the tunnels. I am trying to avoid that if
> possible. Looks like it's time to scriptify something.

All of my stuff is scripted. vtund has a 'reconnect on disconnect' option.
If I restart any of my servers, the tunnels are automatically
re-established.

I also have my scripts ( called from vtund ) set up the iptables. My
clients use IP MASQ to do the 172.16.x.x to Internet and Internet to
172.16.x.x stuff.

jack
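
The register-and-lookup arrangement described in the message above, sketched as an added example that is not part of the original post or the poster's scripts. `STORE` and every function name are hypothetical; the sketch assumes the register CGI takes the address from the standard CGI variable `REMOTE_ADDR` and that both sides validate the value before it reaches a tunnel start command.

```shell
#!/bin/sh
# Added example. STORE and all function names are hypothetical, not from the post.
STORE="${STORE:-/tmp/vpn-addr-store}"   # assumed: one file per client on the central server

# True only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Client names become file names, so allow only a safe character set.
is_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Register side: a CGI would call  record_address "$client" "$REMOTE_ADDR"
# so the stored value is the address the web server saw the request come from.
record_address() {
    is_name "$1" && is_ipv4 "$2" || return 1
    mkdir -p "$STORE" || return 1
    tmp="$STORE/.$1.$$"
    printf '%s\n' "$2" > "$tmp" && mv "$tmp" "$STORE/$1"   # replace atomically
}

# Lookup side: print the last recorded address, re-validated before it is
# handed to whatever starts the tunnel; fail if it is missing or malformed.
lookup_address() {
    is_name "$1" && [ -r "$STORE/$1" ] || return 1
    addr=$(head -n 1 "$STORE/$1")
    is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}
```

The validation keeps a malformed name or reply out of the file system and the connect script; it does not establish who sent a registration request, which is left to the web server's access controls.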