[Noisebridge-discuss] Agora Link Service
Andy Isaacson
adi at hexapodia.org
Wed Jan 27 17:49:55 UTC 2010
On Wed, Jan 27, 2010 at 01:08:24AM -0800, Jonathan Lassoff wrote:
> > [noisebridge]
> > gatewayhost=pony.noisebridge.net
> > network=10.100.4.0/23
> >
> > Scroll down https://www.vpn.hamburg.ccc.de/tinc-chaosvpn.txt
>
> Ah, I see. This content isn't well linked, it seems.
>
> Cool, so this looks like a point-to-multipoint IPv4 L3VPN using tinc.
> Looks like there's some configuration on pony, but it's not fully set up.
>
> Eric, did you set that up? Want me to get it working?

I don't recall who set it up. It'd be great to get it running well on
pony as a first step.

> One thing that comes to mind though: should this be routed through pony
> and the same internal network that everyone at 2169 uses?
> Currently, the local DHCP daemon points people's default routes at the
> router in the Soekris host. We could enable forwarding and firewalling
> on pony and point the Soekris' routes for ChaosVPN IP space at pony's
> internal IP, and this could all "just work" (well, "just route").
>
> But should pony be reachable via the ChaosVPN and should internal users
> be able to NAT to some ChaosVPN IP space for things within this
> darknet/VPN?

I think that sounds great!

We would like to avoid having double-NAT or putting too much
administration / software on our core Soekris (to avoid destabilizing
the core network functionality); could we route 10/8 from the Soekris to
another machine to run tinc on?

Or, alternatively, I suppose users could manually set their gateway to a
fixed address to get ChaosVPN access. 172.30.13.37 anyone? :)

> Alternatively, we could create a separate layer-2 / switch network to
> connect users to this VPN network.

That'd be fine too.

> What do people on the list think? Would you like to have tunneled IP
> connectivity to other hackerspaces while you're at 2169?

Love it.

-andy