Which tunnel option?
Shadow Hawkins on Wednesday, 17 March 2010 15:55:14
It is not clear as to which tunnel option best applies in my case. We have a static IPv4 address with pretty much 24/7 operation. The ISP connection does go out from time to time either via a general outage or the cable modem gets out of sync and needs to be restarted. I would say maybe once a month, or even once every two months. Our gateway is pretty reliable though over the time span of a year it will possibly hang up and require a manual restart. The restart may not happen for several hours if it occurs during the middle of the night. Regarding NAT, I'm assuming that restriction applies to the IP that is an endpoint for the tunnel, which ours is not (NATed). Servers and workstations behind the gateway, which are NATed, have varying degrees of reliability though I don't see how they play into this decision.
So the question is then, "which option?", AYIYA, Heartbeat or static. It seems that the static option applies, but being unfamiliar with exactly how reliable the connection needs to be (wrt the above comments), I'm having a hard time deciding for sure.
If anyone can provide more information on this matter, then it would be appreciated.
thanks,
-jeff
Which tunnel option?
Jeroen Massar on Wednesday, 17 March 2010 16:08:57
> We have a static IPv4 address with pretty much 24/7 operation.

Up to there a normal proto-41 tunnel should work fine, unless the host that is at that IPv4 address can't terminate the tunnel.
> The ISP connection does go out from time to time either via a general outage or the cable modem gets out of sync and needs to be restarted.

Does not make it dynamic or require the need for a heartbeat/AYIYA solution IMHO.
Thus still proto-41 static is fine.
> Regarding NAT, I'm assuming that restriction applies to the IP that is an endpoint for the tunnel, which ours is not (NATed). Servers and workstations behind the gateway, which are NATed, have varying degrees of reliability though I don't see how they play into this decision.

The point that AYIYA solves (or for that matter anything not proto-41 and generally UDP) is that NAT boxes generally don't understand what to do with proto-41 as there is no port or other way to select where the packets should go when they come back, especially when you have multiple hosts behind the NAT.
> So the question is then, "which option?", AYIYA, Heartbeat or static. It seems that the static option applies, but being unfamiliar with exactly how reliable the connection needs to be (wrt the above comments), I'm having a hard time deciding for sure.

I would definitely say: static proto-41.
If you have an outage for a few hours, then fix it; if your outage lasts longer than a day, though, the robot will mail you about it and you'll lose some credits.
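The NAT point in the reply above, as an added example that is not part of the original thread: a simplified model of a port-translating NAT, showing that two inside hosts tunnelling to the same tunnel server stay distinguishable over UDP (as AYIYA uses) but collapse onto one state entry with proto-41. The addresses, the `Nat` class and its port allocation are constructed for illustration.

```python
import struct
from collections import defaultdict

PROTO_UDP, PROTO_41 = 17, 41   # IP protocol numbers: UDP and IPv6-in-IPv4
AYIYA_PORT = 5072              # UDP port AYIYA uses
POP = "192.0.2.1"              # constructed tunnel-server address (documentation range)

def ipv4_packet(proto, src, dst, sport=AYIYA_PORT, dport=AYIYA_PORT):
    """Minimal IPv4 packet (checksum left at 0): UDP header for UDP, bare IPv6 header for proto-41."""
    if proto == PROTO_UDP:
        payload = struct.pack("!HHHH", sport, dport, 8, 0)
    else:
        payload = b"\x60" + b"\x00" * 39
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

class Nat:
    """Simplified port-translating NAT: remembers which inside hosts could own each return flow."""
    def __init__(self):
        self.table = defaultdict(set)   # return-traffic key -> inside source addresses
        self.ports = {}                 # (inside addr, inside port) -> allocated outside port

    def outbound(self, pkt):
        proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
        if proto == PROTO_UDP:
            sport = struct.unpack("!H", pkt[20:22])[0]
            ext = self.ports.setdefault((src, sport), 40000 + len(self.ports))
            key = (proto, dst, ext)     # unique outside port per inside flow
        else:
            key = (proto, dst, None)    # proto-41 has no port to rewrite
        self.table[key].add(src)
        return key

def return_candidates(proto, inside_hosts):
    """For each inside host, how many inside hosts a reply from POP could belong to."""
    nat = Nat()
    keys = [nat.outbound(ipv4_packet(proto, h, POP)) for h in inside_hosts]
    return [len(nat.table[k]) for k in keys]

if __name__ == "__main__":
    hosts = ["10.0.0.2", "10.0.0.3"]    # constructed inside addresses
    print("UDP (AYIYA):", return_candidates(PROTO_UDP, hosts))
    print("proto-41:   ", return_candidates(PROTO_41, hosts))
```

A count of 1 means the NAT can deliver the reply unambiguously; a count above 1 means it has to guess or drop, which does not arise when the tunnel terminates on the un-NATed gateway itself.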
Which tunnel option?
Shadow Hawkins on Thursday, 18 March 2010 14:04:50
Thanks for the information. I'm doing a flurry of research regarding setting up for IPv6 and have discovered that shorewall, our current firewall (setup) tool, on lenny has limited IPv6 support, basically just allowing a tunnel to pass. I may need to wait for squeeze before requesting a tunnel since we probably wouldn't want it to run continuously without some sort of security. I (sort of) know of 6wall but since squeeze is "supposed to" release this spring which includes shorewall6, I may wait, or at least wait until I get a better feel for how to solve the firewall issue for us.
Thanks again for the info.
-jeff
Which tunnel option?
Shadow Hawkins on Tuesday, 23 March 2010 19:20:59
I don't think 6wall is still in development but the Debian package maintainer for Shorewall, Roberto Sanchez, has made Shorewall 4.4 packages available for Lenny in his repository here: http://people.connexer.com/~roberto/debian
-Gary