Address Variable for Roadwarriors

Lonnie Cumberland lonnie at neenet.com
Mon Oct 25 13:38:30 CEST 2004


Thanks again Guus,

I think I understand and hopefully have been able to explain a little 
clearer what I am trying to do. I really appreciate all of your patience.

Just so that we are talking about the same thing here, as actually we 
could think of it like this.

       R (VPN DNS+DHCP Server)
      / \
     A   B
        / \
       C   D
               
Where A, B, C, D are all roadwarriors and I want to allow A, B to 
connect to R (Office VPN DNS+DHCP Server to issue 10.x.x.x IP Addresses 
to A,B,C,D,.....

Now then C,D (Also roadwarriors) need to be able to "ConnectTo" B 
(roadwarrior) as well and "B" does not use DynDNS service.

So with this design, the DHCP server will lease 10.x.x.x IP addresses to 
A,B,C,D when they bring up their tincd nodes and then the DNS will allow 
roadwarriors (C,D)  to "ConnectTo" roadwarrior (B).

The reason for this is also that node (B) may disconnect from the office 
Server (R) at some time, and thus there would be a small vpn network 
made up of B,C,D nodes.

This is the design that I am shooting for.

Thanks again,
Lonnie



Guus Sliepen wrote:

>On Sun, Oct 24, 2004 at 07:39:20PM -0500, Lonnie Cumberland wrote:
>
>  
>
>>For example, if I were a roadwarrior then when I connect to the internet 
>>and start up my tincd it would make a connection with a known host like 
>>"www.realcompany.com" so that it can talk to our private VPN DNS and be 
>>given a name like lonnie.internalnetwork.com maybe something like 
>>10.0.0.21 as the IP.  Then bob, who is also making a roadwarrior 
>>connection would connect to the VPN at "www.realcompany.com" to be able 
>>to see the VPN DNS and could then be assigned "bob.internalnetwork.com" 
>>with 10.1.34.22 for example but could also resolve my name for his 
>>ConnectTo. 
>>    
>>
>[...]
>  
>
>>This way roadwarriors can also run the tincd daemons and have other 
>>roadwarriors connect to them without having to utilize a service like 
>>"dynDNS".
>>    
>>
>
>Okay, so you have two roadwarriors, A and B, and www.realcompany.com R,
>like this:
>
>   R
>  / \
> A   B
>
>And now you want to use the DNS server on R to make a connection between
>A and B. However, with tinc, once both A and B are connected to R, A and
>B can already exchange data with each other via the VPN directly, you
>don't need those extra ConnectTo's.
>
>  
>
>>I am trying to have a way to utilize the private vpn dns that can be 
>>seen on the 10.x.x.x network to resolve our roadwarriors so that some of 
>>them can connect to each other as well without using external services 
>>like DynDNS and having to register "real" host names for each 
>>roadwarrior in an internet service as we can run our own DNS ( and 
>>possibly DHCP ) servers to do these jobs on our 10.x.x.x vpn network.
>>    
>>
>
>If you still want to do that, then you can use host-up scripts on R to
>update DNS whenever a host connects, like this:
>
>hosts/A-up:
>
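>#!/bin/sh
># NODE and REMOTEADDRESS are set by tincd when it runs this script.
>DNSSERVER="<ip address of DNS server>"
>ZONE=realaddress.vpn
>TTL=60
># "send" submits the queued updates to the server.
>nsupdate << EOF
>  server $DNSSERVER
>  update delete $NODE.$ZONE A
>  update add $NODE.$ZONE $TTL A $REMOTEADDRESS
>  send
>EOF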
>
>And in hosts/A-down, you can do the same but omit the "update add"
>command. The result of the A-up script is that when A connects to R, R
>sends a DNS update to the DNS server and replaces the IP address for the
>hostname A.realaddress.vpn with the real IP address used by A's tincd.
>You have to configure the DNS server to accept updates from R for this
>zone, of course.
>
>Now you can just put "Address = A.realaddress.vpn" in the hosts/A files.
>
>  
>
>
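
The host-up script from the quoted reply, as an added example that is not part of the original thread: it checks NODE and REMOTEADDRESS before they reach the nsupdate command stream and signs the update with a TSIG key, one way to meet the "accept updates from R" requirement. The server address, key file path, IPv4-only check and name allow-list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: validating variant of a tinc hosts/NAME-up DNS updater.
# Assumed placeholders, not from the thread: DNSSERVER default, KEYFILE path.
DNSSERVER="${DNSSERVER:-192.0.2.53}"      # placeholder address (TEST-NET-1)
ZONE="${ZONE:-realaddress.vpn}"
TTL="${TTL:-60}"
KEYFILE="${KEYFILE:-/etc/tinc/ddns.key}"  # hypothetical TSIG key file

# Allow only one label made of letters, digits and underscore (max 63 chars).
valid_node() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Allow only a dotted-quad IPv4 address, since the script writes an A record.
valid_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.; set -- $1          # runs in a subshell, so IFS is not leaked
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# $1 = node name, $2 = remote address; prints the nsupdate batch or fails.
build_update() {
    valid_node "$1" || { echo "rejecting node name" >&2; return 1; }
    valid_ipv4 "$2" || { echo "rejecting address" >&2; return 1; }
    printf 'server %s\n' "$DNSSERVER"
    printf 'update delete %s.%s A\n' "$1" "$ZONE"
    printf 'update add %s.%s %s A %s\n' "$1" "$ZONE" "$TTL" "$2"
    printf 'send\n'
}

# Only act when tincd has supplied both variables.
if [ -n "${NODE:-}" ] && [ -n "${REMOTEADDRESS:-}" ]; then
    batch=$(build_update "$NODE" "$REMOTEADDRESS") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
fi
```

For the matching host-down script, drop the `update add` line from `build_update`, as the reply describes.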



