can you run a "single" ip address over?

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Tue Nov 11 22:44:15 CET 2003


okay, well i finally got tinc to work (after correcting PrivateKey= to
PrivateKeyFile...)

now i am happy.

_now_ i can do what i really wanted to do, which is to move my damn
machine's configuration files over to a VPN'd box and not have to
change the exim config etc. etc. whenever i move from place to place.

so.

in order to move further towards my goal, can i ask you some questions
and advice?

i have a computer that is behind a dial-up firewall box on a LAN.
it is called highfield (a place i used to live).

the firewall box is called hyd, it stays where it is.

the other box, also behind another firewall, on an ADSL line,
is called jekyl.  it doesn't move, either.

what i have set up is two tinc networks, 192.168.1.* (jekyl)
and 192.168.0.* (hyd).

now, what i _also_ want to be able to do is to do dial-up on highfield
over a usb/GPRS link, and to NOT have to change its local ip address.

_can_ i therefore create a network 192.168.0.200/255.255.255.255
with only one IP address on it, the IP address of highfield?

or would i have to create a /30 network, and have 192.168.0.200 as
the real ip address and 192.168.0.201 as the tun/tap ip address?

as follows in tinc-up:
	ifconfig $INTERFACE 192.168.0.201 netmask 255.255.255.254

and in hosts/highfield:
	Subnet 192.168.0.200/31
	Address highfield.dyndns.org


the other reason for using tinc is of course compression which saves
me a hell of a lot of money!

which brings me on to the other question.

the routing configuration and actual running of tinc is a little more...
complex, shall we say.

what i would like to happen is:

1) the dialup connection comes up, and IF and ONLY if it does, then
   tinc is started.

2) if tinc is successfully started, then the routing of all internet
   traffic, NOT just the local network traffic, goes via the VPN link.

   except, of course, the communication of the VPN traffic cannot go
   via the VPN itself because otherwise you end up with a hoover
   sucking up its own power cable...


the reason for 2) is because i pay per-byte on the GPRS modem link
and it's 50% more expensive than a UK land-line (for which we here
in the backwards telecomms ripping off land called the UK STILL
pay for telephone calls even local ones by the minute. by law.)

so it pays to have a VPN and put the compression level up to the max,
and then use it for everything under the sun.


ways to achieve 2:

- am i better off to try to use jekyl as my ftp and http proxy, all
  the time?

- can i write a tinc-up script that will re-route all the network
  traffic EXCEPT the VPN traffic itself?

  e.g. by having 192.168.0.201 as a routing table entry?
  route add gw $INTERFACE 192.168.0.201
  
  ... or something?

  what am i missing out?


ways to achieve 1:

- create a file /etc/ppp/peers/ip-up.d/90tinc which does
  /usr/sbin/tinc -n jekylVPNname

- other?


advice much appreciated,

l.

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
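
The routing asked about in 2) above, as an added example that is not part of the original post: a shell function that prints the routes a tinc-up script could add so that everything except the tunnel's own packets goes through the VPN. It assumes Linux iproute2 and tinc in router mode on a tun device; `plan_routes`, the interface names and the addresses are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux iproute2 and
# tinc in router mode on a tun device; all addresses below are constructed.

# plan_routes DEFAULT_ROUTE PEER_IP VPN_IF
#   DEFAULT_ROUTE  one line as printed by `ip route show default`
#   PEER_IP        public IPv4 address of the remote tinc daemon
#   VPN_IF         tinc's interface ($INTERFACE inside tinc-up)
# Prints the commands instead of running them, so the plan can be reviewed.
plan_routes() {
    line=$1 peer=$2 vpn_if=$3
    gw='' dev=''
    # Routes take literal addresses; a hostname here would not work.
    case $peer in
        ''|*[!0-9.]*) echo "peer must be an IPv4 address" >&2; return 1 ;;
    esac
    # Pick the "via" and "dev" values out of the default route line.
    set -- $line
    while [ $# -gt 0 ]; do
        case $1 in
            via) gw=${2:-} ;;
            dev) dev=${2:-} ;;
        esac
        shift
    done
    # No physical default route, or it already points into the VPN: pinning
    # the peer there would send the tunnel's packets into the tunnel.
    if [ -z "$dev" ] || [ "$dev" = "$vpn_if" ]; then
        echo "no usable non-VPN default route" >&2
        return 1
    fi
    # 1. Keep the encrypted packets for the peer on the physical link.
    if [ -n "$gw" ]; then
        echo "ip route add $peer/32 via $gw dev $dev"
    else
        echo "ip route add $peer/32 dev $dev"   # point-to-point, e.g. ppp
    fi
    # 2. Two /1 routes are more specific than the default route, so they
    #    take over all other traffic without deleting the original default.
    echo "ip route add 0.0.0.0/1 dev $vpn_if"
    echo "ip route add 128.0.0.0/1 dev $vpn_if"
}

# Constructed sample: a dial-up link with no gateway address.
plan_routes "default dev ppp0 scope link" 203.0.113.10 vpn0
```

Because the original default route is left in place, traffic falls back to the unencrypted link if the VPN interface disappears; a firewall rule on the physical interface is needed if that fallback is not wanted.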



