[MLB-WIRELESS] possible vpn and public ip address allocation option

David Coles coles.david at gmail.com
Tue Mar 16 19:15:06 EST 2010


On Tue, 2010-03-16 at 16:16 +1100, Roger Plant wrote:
> >Actually, there is no real need for a public IP address at the client - only
> >one public address for the VPN server is required.  The VPN client interface
> >need only be a private address on the MW range (10.10.0.0/16)
> 
> I think one of the aims of having a public ip address at the user was so they can
> run a publicly accessible server, they have a public ip, and can run services on it as they 
> wish.

Yep. And it works quite well.

For the past few months I've had an OpenVPN server running on my node
(jqy.dcoles.net) which has been used by mr_russ and SeeKayDee (and one
other interested user) to provide access to the network. Certainly seems
to be an attractive option.

SeeKayDee and I set this up to provide a backup link when the link
between GHO and ILC went down (effectively partitioning the network).
We're also using it at the moment while ILE is out of action. We're
running OSPF with a very high cost route across it, so it should only be
used if a link goes down.

> Just so long as they don't have something excessively popular, that breaks melbourne 
> wireless, but I notice rate limiting is available.

Ideally an "official" VPN access point should be located at the network
edge (rather than going in and then out of the network). Tim had proposed
either IP-IP or GRE tunnels (since these are supported by the edge
router) and would be very suitable for something like an inter-state link
(to Sydney or Adelaide Wireless).

Unfortunately these protocols don't work quite so well with dynamic
addresses so, for temporary (or trial) access, having a negotiated
protocol like OpenVPN, PPTP or L2TP would be a better option. Mike's
generous offer of a RouterBoard would be an excellent solution - it's
what I've been using at home - and I'm sure we can come up with some way
to provide RADIUS or some other form of identification from
melbournewireless.org.au.

Just my 2-cents,

David Coles,
Node JQY