dynamic authenticated tunnel set-up

To: netbsd-users%netbsd.org@localhost
Subject: dynamic authenticated tunnel set-up
From: Paul Goyette <paul%whooppee.com@localhost>
Date: Wed, 12 Feb 2014 12:08:05 -0800 (PST)

In the not-too-distant future, I'll be moving overseas, to a location wherefixed IPv4 network addresses are unavailable (or at least, they will beprohibitively expensive!)

I'm planning to get a virtual machine in a US location, with a single fixedIPv4 address. All of my other machines will be sitting behind some ISP's NATdevice. And that ISP doesn't do IPv6.

I would like to set things up so that my US-based virtual host is a backup MXmail server for my domain, and one of the behind-the-NAT machines would be theprimary mail server.

I can get an adequate supply of fixed IPv6 addresses from the company thathosts the US-based virtual machine, so I can assign addresses to thebehind-the-NAT machines. But I would need some sort of tunnel between thevirtual host and the rest of the machines.

I know I can set this up using "ssh -w" and tun(4) devices, but the ssh manpage seems to indicate that this is not necessarily a good solution (due tosignificant overhead?).


So I'm looking for other options.  My primary requirements are fairly simple:

* the tunnel needs to be established regardless of the address/port being usedon the behind-the-NAT end

* the tunnel establishment must be authenticated in some manner, so that onlymy systems can connect

* the outer (encapsulating) protocol must be IPv4, while the inner(encapsulated) protocol must be IPv6

* it would also be highly desired that the tunnel establishment occurautomatically, and with automatic retry if the connection drops


Any suggestions on something simple?



-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------

Follow-Ups:
- Re: dynamic authenticated tunnel set-up
  - From: Greg Troxel
- Re: dynamic authenticated tunnel set-up
  - From: Brett Lymn
- Re: dynamic authenticated tunnel set-up
  - From: Stephen Borrill
- Re: dynamic authenticated tunnel set-up
  - From: Christos Zoulas

Prev by Date: Re: Trying to boot from USB pendrive image on a netbook
Next by Date: Re: dynamic authenticated tunnel set-up
Previous by Thread: 6.1.3 - computer resets!
Next by Thread: Re: dynamic authenticated tunnel set-up
Indexes:

Home | Main Index | Thread Index | Old Index