Address Variable for Roadwarriors]
Lonnie Cumberland
lonnie at neenet.com
Mon Oct 25 13:48:46 CEST 2004
Well,
my picture did not come out good so to simplify.
Just take your original picture of R, A, B and consider them all to be
roadwarriors so then I can ask "how can I use another server that is
running a DNS+DHCP services to assign 10.x.x.x ip addresses to all of
the nodes (R, A, B) such that they can see each other."
I guess that this could all be resolved if you could tell me more about
how the "switch" mode works on tinc so that I can implement the DHCP
services for the roadwarriors?
Thanks and I hope that this clears up things.
Have a good day,
Lonnie
Lonnie Cumberland wrote:
> Thanks again Guus,
>
> I think I understand and hopefully have been able to explain a little
> clearer what I am trying to do. I really appreciate all of your patience.
>
> Just so that we are talking about the same thing here as actually we
> could think of it like this.
>
>       R (VPN DNS+DHCP Server)
>      / \
>     A   B
>        / \
>       C   D
> Where A, B, C, D are all roadwarriors and I want to allow A, B to
> connect to R (Office VPN DNS+DHCP Server) to issue 10.x.x.x IP
> Addresses to A,B,C,D,.....
>
> Now then C,D (Also roadwarriors) need to be able to "ConnectTo" B
> (roadwarrior) as well and "B" does not use DynDNS service.
>
> So with this design, the DHCP server will lease 10.x.x.x IP addresses
> to A,B,C,D when they bring up their tincd nodes and then the DNS will
> allow roadwarriors (C,D) to "ConnectTo" roadwarrior (B).
>
> The reason for this is also that node (B) may disconnect from the
> office Server (R) at some time, and thus there would be a small vpn
> network made up of B,C,D nodes.
>
> This is the design that I am shooting for.
>
> Thanks again,
> Lonnie
>
>
>
> Guus Sliepen wrote:
>
>> On Sun, Oct 24, 2004 at 07:39:20PM -0500, Lonnie Cumberland wrote:
>>
>>
>>
>>> For example, if I were a roadwarrior then when I connect to the
>>> internet and start up my tincd it would make a connection with a
>>> known host like "www.realcompany.com" so that it can talk to our
>>> private VPN DNS and be given a name like lonnie.internalnetwork.com
>>> maybe something like 10.0.0.21 as the IP. Then bob, who is also
>>> making a roadwarrior connection would connect to the VPN at
>>> "www.realcompany.com" to be able to see the VPN DNS and could then
>>> be assigned "bob.internalnetwork.com" with 10.1.34.22 for example
>>> but could also resolve my name for his ConnectTo.
>>
>> [...]
>>
>>
>>> This way roadwarriors can also run the tincd daemons and have other
>>> roadwarriors connect to them without having to utilize a service
>>> like "dynDNS".
>>>
>>
>>
>> Okay, so you have two roadwarriors, A and B, and www.realcompany.com R,
>> like this:
>>
>>      R
>>     / \
>>    A   B
>>
>> And now you want to use the DNS server on R to make a connection between
>> A and B. However, with tinc, once both A and B are connected to R, A and
>> B can already exchange data with each other via the VPN directly, you
>> don't need those extra ConnectTo's.
>>
>>
>>
>>> I am trying to have a way to utilize the private vpn dns that can be
>>> seen on the 10.x.x.x network to resolve our roadwarriors so that
>>> some of them can connect to each other as well without using
>>> external services like DynDNS and having to register "real" host
>>> names for each roadwarrior in an internet service as we can run our
>>> own DNS ( and possibly DHCP ) servers to do these jobs on our
>>> 10.x.x.x vpn network.
>>>
>>
>>
>> If you still want to do that, then you can use host-up scripts on R to
>> update DNS whenever a host connects, like this:
>>
>> hosts/A-up:
>>
>> #!/bin/sh
>> # Runs on R when A connects; tinc sets $NODE and $REMOTEADDRESS.
>> DNSSERVER="<ip address of DNS server>"
>> ZONE=realaddress.vpn
>> TTL=60
>> nsupdate << EOF
>> server $DNSSERVER
>> update delete $NODE.$ZONE A
>> update add $NODE.$ZONE $TTL A $REMOTEADDRESS
>> send
>> EOF
>>
>> And in hosts/A-down, you can do the same but omit the "update add"
>> command. The result of the A-up script is that when A connects to R, R
>> sends a DNS update to the DNS server and replaces the IP address for the
>> hostname A.realaddress.vpn with the real IP address used by A's tincd.
>> You have to configure the DNS server to accept updates from R for this
>> zone, of course.
>>
>> Now you can just put "Address = A.realaddress.vpn" in the hosts/A files.
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://brouwer.uvt.nl/cgi-bin/mailman/listinfo/tinc
>>
>>
>
>
>
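The host-up approach quoted above feeds `$NODE` and `$REMOTEADDRESS` straight into the nsupdate command stream and relies on the DNS server trusting R. The following is an added example, not code from the thread or from tinc: it validates both values before building the update and authenticates it with a TSIG key via `nsupdate -k`. The `DNSSERVER` value, the `KEYFILE` path and the function names are assumptions, and only IPv4 is handled because the quoted script publishes A records.

```shell
#!/bin/sh
# Added example, not from the thread. ZONE and TTL follow the quoted script;
# DNSSERVER (a documentation address) and KEYFILE are constructed placeholders.
DNSSERVER="${DNSSERVER:-192.0.2.53}"
ZONE="realaddress.vpn"
TTL=60
KEYFILE="${KEYFILE:-/etc/tinc/ddns.key}"   # hypothetical TSIG key path

# Node name: letters, digits and underscore only, so it cannot carry
# dots, whitespace or newlines into the nsupdate command stream.
valid_node() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# IPv4 dotted quad, four octets of 0-255 (the script publishes A records).
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate commands, or fail without output on bad input.
build_update() {
    valid_node "$1" && valid_ipv4 "$2" || return 1
    printf 'server %s\n' "$DNSSERVER"
    printf 'update delete %s.%s A\n' "$1" "$ZONE"
    printf 'update add %s.%s %s A %s\n' "$1" "$ZONE" "$TTL" "$2"
    printf 'send\n'
}

# Call from hosts/A-up as: push_update "$NODE" "$REMOTEADDRESS"
push_update() {
    cmds=$(build_update "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
    printf '%s\n' "$cmds" | nsupdate -k "$KEYFILE"
}
```

On the DNS server side, the zone should accept updates only when signed with the matching key, so that holding the key rather than sitting at R's address is what authorizes a change.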