|
Multiple WAN hosts; Multiple tunnels?
![[nl]](/s/countries/nl.gif) Shadow Hawkins on Tuesday, 30 March 2010 11:04:05
Hello!
First let me draw you a picture of the situation:
- I have a static tunnel and subnet setup on my dedicated colocated linux server which all works perfectly.
- Now I want to have also have v6 connectivity on my laptop, which is mainly used at work (WAN from server point of view)
- I also want my home network (routed by a Cisco 1760 on a changing v4 IP, also WAN from server PoV) to be connected
The issue:
What is the recommended way to go to get these additional hosts connected?
Should I request new tunnels for both my laptop and home network? In that case, the laptop is clearly an AYIYA case, but what about the Cisco router at home?
Or.. can I set up my server in a way that it acts as the v6 gateway for these hosts? This somehow seems like the best option, since it's not wasting any additional sixxs tunnels and PoP resources and my subnet is properly used (Since all hosts are solely managed by me, I think they fall under the same site, administratively speaking). If this is the case, how do I create such a situation? Radvd isn't the solution it seems, as it would only announce to the other colocated servers on that location which do not belong the same administrative site. So how would I make it's v6 capabilities available only to me? VPN? Other tunnel? Socks?
Thanks for any advice you might have to offer!
Multiple WAN hosts; Multiple tunnels?
What is the recommended way to go to get these additional hosts connected?
Depends on what you want of course. You could do tunnels from the subnet to the other hosts, or you could request additional tunnels(+subnets) for each.
Should I request new tunnels for both my laptop and home network? In that case, the laptop is clearly an AYIYA case, but what about the Cisco router at home?
How "changing" is the endpoint? If the endpoint only changes once per year, you will be fine with a static tunnel and you can probably terminate it on the Cisco directly (if it supports it), otherwise you need to either:
a) run a heartbeat client on another host behind the cisco but terminate
the tunnel on the Cisco (proto-41 heartbeat)
b) terminate a heartbeat tunnel behind the box, forwarding proto-41 in the
Cisco to the real endpoint.
c) run an ayiya client behind the cisco.
Or.. can I set up my server in a way that it acts as the v6 gateway for these hosts?
OpenVPN seems to be a preferred way of doing this. Tinc can also handle it. Generally speaking, ipv6 tunnels are just another form of VPN, except that the Private is actually global.
Multiple WAN hosts; Multiple tunnels?
Shadow Hawkins on Tuesday, 30 March 2010 16:46:10
Hi Jeroen, thanks for your elaboration on the matter.
Depends on what you want of course. You could do tunnels from the subnet to the other hosts, or you could request additional tunnels(+subnets) for each.
Individual subnets seems like such a waste of address space, so I'd prefer to tunnel from my current subnet I guess, additionally because:
How "changing" is the endpoint?
At least once a month (more often weekly though, it's a Cable line from Ziggo), so static won't work. And since the Cisco is the only host running 24/7 on that link, I prefer to let it handle everything (since that what it's supposed to do anyway, right?). Using OpenVPN could work, since the Cisco can initiate those connections to the server, being static.
HowTo's on this particular configuration are scarce though, so it's gonna be a bit of a hobby project!
|
![[ch]](/s/countries/ch.gif)
on Tuesday, 30 March 2010 14:56:43
Posting is only allowed when you are