Re: Tunnelling some IPs out to my home LAN - BSD


Thread: Re: Tunnelling some IPs out to my home LAN

  1. Re: Tunnelling some IPs out to my home LAN

    Begin
    On Fri, 5 Sep 2008 11:18:22 +0000 (UTC), John Levine wrote:
    > The broadband provider is BT who don't seem to provide anything as
    > simple as a modem that doesn't also include a NAT router. I suppose I
    > might see what's on offer in the aftermarket.


    Many such things do come with a ``bridge only'' mode. In fact, the
    device in use here (something from siemens, and from a family of which I
    understand BT has several in service) in fact comes with NAT and so on,
    but I'm not supposed to use those features (so I don't) as the device
    was provided as a bridge only.

    As to the aftermarket, something that runs or can run a linux of sorts
    is probably preferable to shoddy implementations of NAT, DHCP (and no
    DNS, nor caching) on obscure and buggy platforms.

    A soekris or pcengines board might also be an option.


    >>That depends on just what tunneling protocols are available on the
    >>devices involved, of course, so a better description of the available
    >>devices' capabilities might be in order.

    >
    > At both ends I have computers running FreeBSD. That is why I asked
    > here.


    Then you have quite a lot of options. If a simple gif(4) or gre(4)
    tunnel won't do, you could run ipsec, run a vpn using a client like
    openvpn, build something funky over netgraph, abuse ppp/tun, or probably
    several others. You may want to check if the handbook doesn't have an
    introduction into at least some of the options.

    But to simplify routing, it would be easiest to start the tunnel on the
    router that handles that /24, not on a machine within it, and if that's
    not a FreeBSD box, it helps to look at that now.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  2. Re: Tunnelling some IPs out to my home LAN

    >Many such things do come with a ``bridge only'' mode.

    I'll take a look when it arrives next week, but I'm not holding my breath.

    >A soekris or pcengines board might also be an option.


    Still need the ADSL modem, unfortunately.

    >Then you have quite a lot of options. If a simple gif(4) or gre(4)
    >tunnel won't do, you could run ipsec, run a vpn using a client like
    >openvpn, build something funky over netgraph, abuse ppp/tun, or probably
    >several others. You may want to check if the handbook doesn't have an
    >introduction into at least some of the options.


    OK, will start there.

    >But to simplify routing, it would be easiest to start the tunnel on
    >the router that handles that /24, not on a machine within it, and if
    >that's not a FreeBSD box, it helps to look at that now.


    I think it's a linux box, but it supports a lot of other unrelated
    users and I'm reluctant to ask my ISP to mess with it. I suppose I
    could ask him to split the /24 into two /25's and add a static route
    to aim the upper (currently empty) /25 at an IP in the lower /25, but
    I was hoping I could fake a bridge, perhaps by publishing a bunch of
    static ARP entries to collect the traffic from the router.

    R's,
    John

  3. Re: Tunnelling some IPs out to my home LAN

    Begin
    On Fri, 5 Sep 2008 14:37:32 +0000 (UTC), John Levine wrote:
    [attribution missing]
    >>But to simplify routing, it would be easiest to start the tunnel on
    >>the router that handles that /24, not on a machine within it, and if
    >>that's not a FreeBSD box, it helps to look at that now.

    >
    > I think it's a linux box, but it supports a lot of other unrelated
    > users and I'm reluctant to ask my ISP to mess with it. I suppose I
    > could ask him to split the /24 into two /25's and add a static route
    > to aim the upper (currently empty) /25 at an IP in the lower /25, but
    > I was hoping I could fake a bridge, perhaps by publishing a bunch of
    > static ARP entries to collect the traffic from the router.


    There should be no harm in asking. In fact, they'll likely prefer
    knowing what you're doing, and might prefer giving you a tunnel on their
    router, as playing ARP tricks and/or tunneling through your box means
    all your home lan network traffic will pass through that router twice.

    I don't know what you're paying them for bandwidth beyond announcing
    the /24 for you, but expect having to work that issue out with them too.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.
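
The two approaches weighed in this thread (a static route for the upper /25 versus a faked bridge with published ARP entries), modelled from the upstream router's point of view. This is an added example, not part of the original posts; the 192.0.2.0/24 block, the tunnel host 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress

def split_plan(block, tunnel_host):
    """Split a /24 into two /25s; the upper half is reached via tunnel_host."""
    net = ipaddress.ip_network(block)
    lower, upper = net.subnets(prefixlen_diff=1)
    hop = ipaddress.ip_address(tunnel_host)
    if hop not in lower or hop in (lower.network_address, lower.broadcast_address):
        raise ValueError("next hop must be a usable host in the lower /25")
    return lower, upper, hop

def router_lookup(dst, routes):
    """Longest-prefix match. routes: list of (network, next_hop); None = on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, h) for n, h in routes if dst in n]
    if not matches:
        return None
    _, hop = max(matches, key=lambda r: r[0].prefixlen)
    return f"on-link: ARP for {dst}" if hop is None else f"forward to {hop}"

def proxy_arp_targets(block, moved):
    """Addresses the tunnel host must answer ARP for if the router keeps the
    whole block on-link (the fake-bridge case)."""
    net = ipaddress.ip_network(block)
    reserved = (net.network_address, net.broadcast_address)
    return [a for a in moved if a not in reserved]

BLOCK = "192.0.2.0/24"            # constructed documentation prefix
lower, upper, hop = split_plan(BLOCK, "192.0.2.10")

# Case 1: the ISP splits the block and adds one static route for the upper /25.
routed = [(lower, None), (upper, hop)]
# Case 2: the router is left alone and still sees the whole /24 as on-link.
bridged = [(ipaddress.ip_network(BLOCK), None)]

if __name__ == "__main__":
    print("routed :", router_lookup("192.0.2.200", routed))
    print("bridged:", router_lookup("192.0.2.200", bridged))
    print("ARP entries to publish:", len(proxy_arp_targets(BLOCK, upper)))
    print("usable hosts in routed /25:", len(list(upper.hosts())))
```

In the routed case the router needs a single route entry and never sends ARP requests for the home addresses; in the bridged case the tunnel host has to publish one ARP entry for every address moved home.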
