Re: Can anybody terminate an IP-IP tunnel for me?
Am 08.06.2007 um 05:41 schrieb Greg 'groggy' Lehey: How do I terminate the IP-IP tunnel at my end? I'm using OpenVPN for similar porposes, albeit on lower latency DSL links. OpenVPN can run over UDP or TCP, and can work through NAT, and even with dynamic IPs. Stefan -- Stefan Bethke [EMAIL PROTECTED] Fon +49 170 346 0140 ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can anybody terminate an IP-IP tunnel for me?
Am 08.06.2007 um 17:47 schrieb Oliver Fromme: While OpenVPN works well usually, it is generally not advisable to run it over TCP, especially if your link is not guaranteed to have 0% packet loss, which might be the case for satellite links. Running OpenVPN over UDP is fine. Sure, but slightly less than perfect connectivity is still better than none: being stuck on a corporate network, where you can use the proxy to establish a TCP connection to port 443, for example. Stefan -- Stefan Bethke [EMAIL PROTECTED] Fon +49 170 346 0140 ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can anybody terminate an IP-IP tunnel for me?
Stefan Bethke wrote: Greg 'groggy' Lehey wrote: How do I terminate the IP-IP tunnel at my end? I'm using OpenVPN for similar porposes, albeit on lower latency DSL links. OpenVPN can run over UDP or TCP, and can work through NAT, and even with dynamic IPs. While OpenVPN works well usually, it is generally not advisable to run it over TCP, especially if your link is not guaranteed to have 0% packet loss, which might be the case for satellite links. Running OpenVPN over UDP is fine. That problem has been discussed and explained quite often in various forums. Here's one of them: http://sites.inka.de/sites/bigred/devel/tcp-tcp.html I've used OpenVPN myself to tunnel official IP addresses to my (dynamic) DSL link at home. You need to have a server outside somewhere, of course, but that shouldn't be a problem. Here in .de you can rent a good root server for = 50 Euro per month (good means you can install FreeBSD remotely without difficulty). I guess it's not much different in .au or elsewhere in the world. And if you share it with a few friends or collegues, then the costs are even less. That's how I've done it; I share a 50 Euro root server with three friends, so I pay only 12,50 per month. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Python is an experiment in how much freedom programmers need. Too much freedom and nobody can read another's code; too little and expressiveness is endangered. -- Guido van Rossum ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can anybody terminate an IP-IP tunnel for me?
I've used OpenVPN myself to tunnel official IP addresses to my (dynamic) DSL link at home. You need to have a server outside somewhere, of course, but that shouldn't I find that vtun is a pretty reliable and less heavyweight solution for this- I use it to get a tunnel to a secondary lab of mine (at my mom's house) which only has dynamic IP. The only problem here is that this isn't a solution for providing routing for somebody else's Class C block. -matt ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can anybody terminate an IP-IP tunnel for me?
On 08.06.2007, at 20:31, [EMAIL PROTECTED] wrote: The only problem here is that this isn't a solution for providing routing for somebody else's Class C block. Why? inetnum: 192.109.197.0 - 192.109.197.255 netname: LEMIS-LAN descr:LEMIS Lehey Microcomputer Systems descr:D-W-6324 Feldatal descr:Germany country: DE admin-c: GL3-RIPE tech-c: GL3-RIPE rev-srv: allegro.lemis.de rev-srv: ns.cls.net rev-srv: ns.maz.net mnt-by: AS2871-MNT status: ASSIGNED PI source: RIPE # Filtered Its current provider was able to add it to their AS, too so it shouldn't be that much of a problem in Australia. I remember my ISP (QSC Germany) being a bit too... unexperienced at first so they sent me on to one of their resellers (who knew how to configure BGP) and they warned me that they wouldn't accept anything less than a /22 but things might be a bit different on the wrong side of the planet. I'd just get the defunct rev-srv records out of the database entry and send an update for the ownership records. Achim ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Can anybody terminate an IP-IP tunnel for me?
On 08.06.2007, at 20:31, [EMAIL PROTECTED] wrote: The only problem here is that this isn't a solution for providing routing for somebody else's Class C block. Why? inetnum: 192.109.197.0 - 192.109.197.255 netname: LEMIS-LAN descr:LEMIS Lehey Microcomputer Systems descr:D-W-6324 Feldatal descr:Germany country: DE admin-c: GL3-RIPE tech-c: GL3-RIPE rev-srv: allegro.lemis.de rev-srv: ns.cls.net rev-srv: ns.maz.net mnt-by: AS2871-MNT status: ASSIGNED PI source: RIPE # Filtered Its current provider was able to add it to their AS, too so it shouldn't be that much of a problem in Australia. I remember my ISP (QSC Germany) being a bit too... unexperienced at first so they sent me on to one of their resellers (who knew how to configure BGP) and they warned me that they wouldn't accept anything less than a /22 but things might be a bit different on the wrong side of the planet. I'd just get the defunct rev-srv records out of the database entry and send an update for the ownership records. In general ISPs are now very reluctant do less than a /22 or larget if it's not carved out of one of their blocks. It was a fair amount of hunting around in Menlo Park for me to find somebody to route FERAL.COM, and the big home serving ISPs like Sprint and Yahoo!/SBC were completely clueless about being asked if they would do so- even for a fee. -matt ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Can anybody terminate an IP-IP tunnel for me?
In a few weeks' time I'll be moving house, and it looks as if the new address currently doesn't have ADSL, so I'll be forced to use satellite again. I've done some investigation, and the costs don't look too prohibitive, but almost nobody is prepared to route my /24 net block (192.109.197.0/24). One alternative would be to route the block through an IP-IP tunnel from somewhere else in the Internet. I see a couple of potential problems with this approach: * I need somebody to provide the service. Do you know of anybody who can help here, for a reasonable price, or can you help yourself? Somewhere in Australia would be better, but given the satellite delay it could be almost anywhere in the world. I'd be looking to route about 2 GB a month, and the download speed of the satellite link is limited to 1 MB/s. * How do I terminate the IP-IP tunnel at my end? The last time I used it, I had a static IP address for the end of the link, and another for the end of the tunnel, which implies routing that address. This won't work in the scenario I'm looking at. Is it possible to route the tunnel to the same address as the external interface IP address? Alternatively, is there another way to handle this issue? Greg -- See complete headers for address and phone numbers. pgppgZ3boUE0Z.pgp Description: PGP signature
IP tunnel
Can anyone tell me the difference between nos-tun(8) and gif(4) (Other than IPv6)? I want to create a tunnel between 2 networks (IPv4), 2 FreeBSD boxes... will one of these work or is this a different type of tunnel. I am familiar with Cisco tunnelling, I am assuming a similar concept. Anyone doing this already, if so sample configs? Is it possible? Thanks. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: IP tunnel
Can anyone tell me the difference between nos-tun(8) and gif(4) (Other than IPv6)? I want to create a tunnel between 2 networks (IPv4), 2 FreeBSD boxes... will one of these work or is this a different type of tunnel. I am familiar with Cisco tunnelling, I am assuming a similar concept. Anyone doing this already, if so sample configs? Is it possible? I'm using nos-tun(8) between Cisco 2610/1720 routers and FBSD machines to make various subnets show up where they shouldn't... I have a /24 at one office and a /25 at another one -- wanted to have a /29 from each of these appear at my house. Works quite well... mike To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
