[MLB-WIRELESS] possible vpn and public ip address allocation option
Roger Plant
rplant at melbpc.org.au
Mon Mar 15 19:27:19 EST 2010
Hi,
At the last couple of Melbourne Wireless meetings, there has been discussion of providing
some public IP addresses, and also of providing access to the Melbourne Wireless network
from outside (linking unconnected nodes via the internet).
I have been looking at the router board, and it appears it would be ideal to implement much
of both of these options with.
My suggestion is to use its pptp server functionality. --With its encryption turned off--.
pptp is widely available, and simple (and security hopefully isn't a major issue here yet...).
The router board has a simple to use ppp user manager (and will also use radius, if
available). You can create different profiles, and set up users as required.
So an internal user can configure their router to dial out to the router board using pptp and it
will give them a static public IP address based on their username.
A single public IP address will be sufficient for many users, and this hands them out quite
efficiently (being a /32 address), and saves a little routing space, as it's tunnelled.
Larger groups of public addresses can be handled by routing them normally. (Nothing to do
with the router board)
An external user can dial in to the router board using pptp. It would give them a dynamic
10.10.x.x address (once again based on their username); they would then have full access to
the internal Melbourne Wireless network.
There are some potential MTU issues, but the routerboard can be configured to adjust the TCP
MSS, so it shouldn't be a major problem.
The routerboard would be behind the main Melbourne Wireless internet access router.
Amount of infrastructure required (to get a basic system working): 1 * routerboard.
pptp client required at user's end.
There may be some (hopefully minor) changes required on the main internet access router.
I have used the rb450g, and it's quite brisk (I couldn't guess how many active users you
could reasonably hang off it at once though).
You also get some basic per user usage information (and presumably more if radius is
available).
I hope this makes sense.
Regards
Roger
----------------------------
Roger Plant
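
The setup described in the message above, sketched as RouterOS commands. This is an added illustration, not part of the original post and not a Melbourne Wireless configuration. User names, passwords, the specific 10.10.x.x values and the 203.0.113.0/24 documentation range (standing in for the public block) are placeholders.

```routeros
# Added illustration: every name, password and address here is a placeholder.

# Profile for internal users who are handed a static public /32 over the tunnel.
# use-encryption=no matches the proposal (cleartext tunnel);
# use-encryption=required would instead refuse clients that do not negotiate MPPE.
# change-tcp-mss=yes rewrites the TCP MSS to fit the tunnel MTU.
/ppp profile add name=mw-public local-address=10.10.0.1 \
    use-encryption=no change-tcp-mss=yes

# Profile for external users dialling in from the internet (10.10.x.x addresses).
/ppp profile add name=mw-external local-address=10.10.0.1 \
    use-encryption=no change-tcp-mss=yes

# One secret per user: remote-address ties the handed-out address to the username.
/ppp secret add name=internal-node1 password=CHANGE-ME service=pptp \
    profile=mw-public remote-address=203.0.113.10
/ppp secret add name=external-user1 password=CHANGE-ME service=pptp \
    profile=mw-external remote-address=10.10.250.10

# Enable the PPTP server.
/interface pptp-server server set enabled=yes default-profile=mw-external

# Check who is connected and which address each user received.
/ppp active print
```

With encryption off, everything inside the tunnel crosses the internet path in cleartext, so per-user addresses are useful mainly for accounting and routing rather than as an access control.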