[MLB-WIRELESS] possible vpn and public ip address allocation option

Roger Plant rplant at melbpc.org.au
Mon Mar 15 19:27:19 EST 2010


Hi,

At the last couple of Melbourne Wireless meetings, there has been discussion of providing 
some public IP addresses, and also of providing access to the Melbourne Wireless network 
from outside (linking unconnected nodes via the internet).

I have been looking at the router board, and it appears it would be ideal to implement much 
of both of these options with.

My suggestion is to use its PPTP server functionality. --With its encryption turned off--.
PPTP is widely available and simple (and security hopefully isn't a major issue here yet...)

The router board has a simple-to-use PPP user manager (and will also use RADIUS, if 
available). You can create different profiles, and set up users as required.

So an internal user can configure their router to dial out to the router board using PPTP, and it 
will give them a static public IP address based on their username.

A single public IP address will be sufficient for many users, and this hands them out quite 
efficiently (being a /32 address), and saves a little routing space, as it's tunnelled.

Larger groups of public addresses can be handled by routing them normally. (Nothing to do 
with the router board.)

An external user can dial in to the router board using PPTP. It would give them a dynamic 
10.10.x.x address (once again based on their username); they would then have full access to 
the internal Melbourne Wireless network.

There are some potential MTU issues, but the routerboard can be configured to adjust the TCP 
MSS, so it shouldn't be a major problem.

The routerboard would be behind the main Melbourne Wireless internet access router.

Amount of infrastructure required (to get a basic system working): 1 * routerboard.
PPTP client required at user's end.

There may be some (hopefully minor) changes required on the main internet access router.

I have used the rb450g, and it's quite brisk (I couldn't guess how many active users you 
could reasonably hang off it at once, though).

You also get some basic per-user usage information (and presumably more if RADIUS is 
available).

I hope this makes sense.

Regards
Roger

----------------------------
Roger Plant