Address Variable for Roadwarriors

Guus Sliepen guus at sliepen.eu.org
Mon Oct 25 10:25:52 CEST 2004


On Sun, Oct 24, 2004 at 07:39:20PM -0500, Lonnie Cumberland wrote:

> For example, if I were a roadwarrior then when I connect to the internet 
> and start up my tincd it would make a connection with a known host like 
> "www.realcompany.com" so that it can talk to our private VPN DNS and be 
> given a name like lonnie.internalnetwork.com maybe something like 
> 10.0.0.21 as the IP.  Then bob, who is also making a roadwarrior 
> connection would connect to the VPN at "www.realcompany.com" to be able 
> to see the VPN DNS and could then be assigned "bob.internalnetwork.com" 
> with 10.1.34.22 for example but could also resolve my name for his 
> ConnectTo. 
[...]
> This way roadwarriors can also run the tincd daemons and have other 
> roadwarriors connect to them without having to utilize a service like 
> "dynDNS".

Okay, so you have two roadwarriors, A and B, and www.realcompany.com R,
like this:

   R
  / \
 A   B

And now you want to use the DNS server on R to make a connection between
A and B. However, with tinc, once both A and B are connected to R, A and
B can already exchange data with each other via the VPN directly, you
don't need those extra ConnectTo's.

> I am trying to have a way to utilize the private vpn dns that can be 
> seen on the 10.x.x.x network to resolve our roadwarriors so that some of 
> them can connect to each other as well without using external services 
> like DynDNS and having to register "real" host names for each 
> roadwarrior in an internet service as we can run our own DNS ( and 
> possibly DHCP ) servers to do these jobs on our 10.x.x.x vpn network.

If you still want to do that, then you can use host-up scripts on R to
update DNS whenever a host connects, like this:

hosts/A-up:

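#!/bin/sh
# Runs on R when node A connects. tinc sets $NODE (name of the connecting
# node) and $REMOTEADDRESS (the real IP address its tincd connects from).
DNSSERVER="<ip address of DNS server>"
ZONE=realaddress.vpn
TTL=60
nsupdate << EOF
  server $DNSSERVER
  update delete $NODE.$ZONE A
  update add $NODE.$ZONE $TTL A $REMOTEADDRESS
  send
EOF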

And in hosts/A-down, you can do the same but omit the "update add"
command. The result of the A-up script is that when A connects to R, R
sends a DNS update to the DNS server and replaces the IP address for the
hostname A.realaddress.vpn with the real IP address used by A's tincd.
You have to configure the DNS server to accept updates from R for this
zone, of course.

Now you can just put "Address = A.realaddress.vpn" in the hosts/A files.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
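
A hardened variant of the host-up/host-down script above, as an added example that is not part of the original message: it validates the two values tinc passes in before they reach nsupdate and signs the update with a TSIG key, so the DNS server can restrict updates to R. The DNS server address, the key file path and the layout (one file installed as hosts/A-up with hosts/A-down symlinked to it) are assumptions, and only IPv4 A records are handled.

```shell
#!/bin/sh
# Added example, not from the original message. Install as hosts/A-up and
# symlink hosts/A-down to it; the action is taken from the script name.
ZONE=realaddress.vpn
TTL=60
DNSSERVER=192.0.2.53          # constructed placeholder address
KEYFILE=/etc/tinc/ddns.key    # hypothetical TSIG key shared with the DNS server

# Node names: letters, digits and underscore only.
valid_node() {
  case $1 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# Dotted-quad IPv4, four octets, each 0..255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  rest=$1. count=0
  while [ -n "$rest" ]; do
    octet=${rest%%.*}; rest=${rest#*.}
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    count=$((count + 1))
  done
  [ "$count" -eq 4 ]
}

# Print the nsupdate batch; print nothing and fail on invalid input.
build_batch() {  # usage: build_batch up|down NODE [REMOTEADDRESS]
  valid_node "$2" || return 1
  case $1 in
    up)   valid_ipv4 "$3" || return 1 ;;
    down) ;;
    *)    return 1 ;;
  esac
  echo "server $DNSSERVER"
  echo "update delete $2.$ZONE A"
  if [ "$1" = up ]; then echo "update add $2.$ZONE $TTL A $3"; fi
  echo "send"
}

# tincd sets NODE and REMOTEADDRESS in the environment of host scripts.
if [ -n "${NODE:-}" ]; then
  action=${0##*-}
  batch=$(build_batch "$action" "$NODE" "${REMOTEADDRESS:-}") || {
    logger -t tinc-ddns "rejected DNS update for node '$NODE'"; exit 1; }
  printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
fi
```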