In the not-too-distant future, I'll be moving overseas, to a location where
fixed IPv4 network addresses are unavailable (or at least, they will be
prohibitively expensive!).

I'm planning to get a virtual machine in a US location, with a single fixed
IPv4 address. All of my other machines will be sitting behind some ISP's NAT
device. And that ISP doesn't do IPv6.

I would like to set things up so that my US-based virtual host is a backup MX
mail server for my domain, and one of the behind-the-NAT machines would be
the primary mail server.

I can get an adequate supply of fixed IPv6 addresses from the company that
hosts the US-based virtual machine, so I can assign addresses to the
behind-the-NAT machines. But I would need some sort of tunnel between the
virtual host and the rest of the machines.

I know I can set this up using "ssh -w" and tun(4) devices, but the ssh man
page seems to indicate that this is not necessarily a good solution (due to
significant overhead?).

So I'm looking for other options. My primary requirements are fairly simple:

* the tunnel needs to be established regardless of the address/port being
used on the behind-the-NAT end
* the tunnel establishment must be authenticated in some manner, so that only
my systems can connect
* the outer (encapsulating) protocol must be IPv4, while the inner
(encapsulated) protocol must be IPv6
* it would also be highly desired that the tunnel establishment occur
automatically, and with automatic retry if the connection drops

Any suggestions on something simple?