Serge,
> > Automatically builds tunnels through firewalls and NATs without any
> > further setup (for example, port forwarding).
>
> *I would not appreciate something which "automatically" (whatever it
> means) traverses my firewalls, to be honest. We should treat our data
> seriously, Brian.*

First, a sysadmin person has to install/setup/configure PeerVPN on each server so I guess like installing/configuring TINC or any other VPN solution there is some assumption of some sort of "trust" in that person's work.

Second, in PeerVPN's configuration file <https://github.com/peervpn/peervpn/blob/master/peervpn.conf> on each server you (re the sysadmin) have to specify 2 security related items:

PORT xxxxx # the Port to be opened/used by PeerVPN

But you point out a good question - regarding that bullet by the author on the PeerVPN web page. Tobias Volk may be referring to something else as *it CLEARLY states in the short PeerVPN tutorial <https://peervpn.net/tutorial/> you MUST port-forward the "port" configured for PeerVPN to use if Nodes are behind a NAT.*

*I know PeerVPN doesn't work if you have not done that from my own use:*

*Configuration of node A*

> Create the peervpn.conf of Node A with the following content:
>
> port 7000
> networkname ExampleNet
> psk mysecretpassword
> enabletunneling yes
> interface peervpn0
> ifconfig4 10.8.0.1/24
>
> This will open UDP port 7000 and create a virtual ethernet interface with
> the name peervpn0 and the IP address 10.8.0.1.
>
> Please note that Node A needs to be directly reachable from Node B.
> *If Node A is behind a NAT device, you will have to forward port 7000.*

*Configuration of node B*

> Create the peervpn.conf of Node B with the following content:
>
> port 7000
> networkname ExampleNet
> psk mysecretpassword
> enabletunneling yes
> interface peervpn0
> ifconfig4 10.8.0.2/24
> initpeers node-a.example.com 7000
>
> Replace node-a.example.com with the real address of Node A.
Further there is the shared PSK crypto key generation that also limits connections to "peers" sharing the "same" PSK "seed" in the configuration file.

In a PeerVPN mesh different server/hosts can have multiple PSK "seed" configured to allow any 1 host to "peer" with different specific systems in the "mesh" who have a matching PSK "seed" configured.

I can email Tobias and ask for clarification as to what "bullet" means.

Brian
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
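
The configuration points raised in this message, as an added example that is not part of the original e-mail or PeerVPN's own code: a Python check over peervpn.conf texts that flags the tutorial's sample PSK, PSK mismatches between nodes, and nodes whose UDP port must be reachable. The function names, the 16-character minimum and treating `#` as an inline comment marker are assumptions of this example; the sample configs are constructed from the tutorial text quoted above.

```python
# Added example: audit PeerVPN node configs (sample data constructed from the tutorial).
PLACEHOLDER_PSKS = {"mysecretpassword"}  # the tutorial's sample value
MIN_PSK_LEN = 16                         # arbitrary minimum chosen for this example

NODE_A = """\
port 7000
networkname ExampleNet
psk mysecretpassword
enabletunneling yes
interface peervpn0
ifconfig4 10.8.0.1/24
"""
NODE_B = NODE_A.replace("10.8.0.1/24", "10.8.0.2/24") + "initpeers node-a.example.com 7000\n"

def parse_conf(text):
    """Parse 'key value' lines; '#' is assumed to start a comment. Keys are lower-cased."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(nodes):
    """nodes: {name: config text}. Returns a sorted list of finding strings."""
    findings = []
    confs = {name: parse_conf(text) for name, text in nodes.items()}
    for name, c in confs.items():
        psk = c.get("psk", "")
        if not psk:
            findings.append(f"{name}: no psk set")
        elif psk in PLACEHOLDER_PSKS or len(psk) < MIN_PSK_LEN:
            findings.append(f"{name}: weak or sample psk")
        if "initpeers" not in c:  # this node only listens, so peers must be able to reach it
            findings.append(f"{name}: no initpeers; UDP port {c.get('port', '?')} "
                            "must be reachable (forward it if behind NAT)")
    # Peers only connect when they share the same psk.
    if len({c.get("psk") for c in confs.values()}) > 1:
        findings.append("psk mismatch: these nodes will not peer")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit({"A": NODE_A, "B": NODE_B})))
```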