can you run a "single" ip address over?

Guus Sliepen guus at sliepen.eu.org
Tue Nov 11 22:56:41 CET 2003


On Tue, Nov 11, 2003 at 09:44:15PM +0000, Luke Kenneth Casson Leighton wrote:

> okay, well i finally got tinc to work (after correcting PrivateKey= to
> PrivateKeyFile...)
> 
> now i am happy.
> 
> _now_ i can do what i really wanted to do, which is to move my damn
> machine's configuration files over to a VPN'd box and not have to
> change the exim config etc. etc. whenever i move from place to place.
> 
> so.
> 
> in order to move further towards my goal, can i ask you some questions
> and advice?
> 
> i have a computer that is behind a dial-up firewall box on a LAN.
> it is called highfield (a place i used to live).
> 
> the firewall box is called hyd, it stays where it is.
> 
> the other box, also behind another firewall, on an ADSL line,
> is called jekyl.  it doesn't move, either.
> 
> what i have set up is two tinc networks, 192.168.1.* (jekyl)
> and 192.168.0.* (hyd).
> 
> now, what i _also_ want to be able to do is to do dial-up on highfield
> over a usb/GPRS link, and to NOT have to change its local ip address.
> 
> _can_ i therefore create a network 192.168.0.200/255.255.255.255
> with only one IP address on it, the IP address of highfield?

Yes. Actually you do 192.168.0.200/255.255.0.0, and add Subnet =
192.168.0.200/32 to hosts/highfield.

> as follows in tinc-up:
> 	ifconfig $INTERFACE 192.168.0.201 netmask 255.255.255.254

ifconfig $INTERFACE 192.168.0.200 netmask 255.255.0.0

> and in hosts/highfield:
> 	Subnet 192.168.0.200/31
> 	Address highfield.dyndns.org

Subnet = 192.168.0.200/32

> 1) the dialup connection comes up, and IF and ONLY if it does, then
>    tinc is started.

Then you should let pppd, or whatever dials up, start tinc once it has made
a connection. Alternatively, you can let tinc try to connect to hyd all the
time, and create a hosts/hyd-up script (which is called only when there is a
connection with hyd) that adds routes, and a hosts/hyd-down script that
removes the routes.

> 2) if tinc is successfully started, then the routing of all internet
>    traffic, NOT just the local network traffic, goes via the VPN link.
> 
>    except, of course, the communication of the VPN traffic cannot go
>    via the VPN itself because otherwise you end up with a hoover
>    sucking up its own power cable...

That's a bit more tricky. You can do it with advanced routing in Linux
(you can route based on source address or port number), or you can route
everything except traffic to hyd itself, by manually adding a /32 route
to hyd on the Internet.

> - am i better off to try to use jekyl as my ftp and http proxy, all
>   the time?

It's probably easier. Also, tinc compresses individual network packets; if
your proxy can compress, it will compress whole ftp/http streams, which is
much more efficient.

> - can i write a tinc-up script that will re-route all the network
>   traffic EXCEPT the VPN traffic itself?
> 
>   e.g. by having 192.168.0.201 as a routing table entry?
>   route add gw $INTERFACE 192.168.0.201

Sure.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>