Oh, I misunderstood maybe. I considered that the Israeli BGP subnet will be announced from the VPN server's ASN. It will not go to UCSD and traffic to it will not come via UCSD.
Having UCSD in the middle for non-North America is 200+ ms bonus per packet, so most
people want to avoid it.
On 22 Jul 2019, at 12:32, Rob Janssen via 44Net
<44net(a)mailman.ampr.org> wrote:
What I would do is the following:
Ask the IP space owner (person allocated to) to send an e-mail to Brian, requesting the
block to be advertised over BGP (needs to be /24+, or collection of networks /24+) and Cc
me in this e-mail. I reply with the ASN, route objects that need to be created, etc. Brian
hopefully approves the request.
Afterwards, I advertise the /24 via BGP to the Internet.
Then, I arrange with the IP space owner how the space will be routed to them. I can support OpenVPN, PPTP, L2TP, GRE, IPSec, etc.
I think he means "after I connect to a VPN server in the USA or e.g. in Greece, how do I make it send the traffic for my Israeli subnet to me over that connection".
That is by far not that complicated.
He only needs to connect to that VPN server, he will get an IP from the address space of that server, and set up BGP over that connection (using an agreed-upon private AS number) and announce his own Israeli subnet.
The BGP protocol will then exchange this information with all other interconnected VPN
servers and they will all route his subnet to the VPN server he is connected to, and that
will route it to him.
Traffic from the internet will still be routed to UCSD as part of the default network announcement, and the router there will first route it to the VPN server he is connected to, then to him. No need to announce his /24 on the internet explicitly!
Of course this gets more difficult when the IPIP mesh is kept in place and is used as
backbone.
Then the VPN gateway he connects to needs to add his subnet to its list of handled
subnets, via the portal.
This means he can connect only to a single VPN server and have working routing.
When that server goes down, he would have to arrange that the portal information is
changed, the subnet being removed from that gateway and added to another.
Without IPIP, he could simply connect to two or more VPN servers at the same time, and as
long as one of them is working he has connectivity to everywhere.
Rob
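The end-user side of what Rob describes (connect to a VPN server, run BGP over the tunnel with a private AS number, announce only your own subnet, and keep a second session to another server for redundancy) could look like the following BIRD 2 configuration. This is an added illustration, not configuration from the thread, from the 44Net VPN servers or from their operators. Everything specific in it is assumed: the allocated block is written as 44.0.0.0/24 as a placeholder for the real allocation, the tunnel addresses 10.8.0.2 (local), 10.8.0.1 and 10.9.0.1 (two gateways) are invented, and the AS numbers 64512 (user) and 64513/64514 (gateways) are private-range numbers that would have to be agreed with the server operators.

```conf
# Added example, not from the 44Net thread. All addresses and AS numbers are
# placeholders agreed out of band: 44.0.0.0/24 stands for the user's allocated
# block, 10.8.0.x / 10.9.0.x are the VPN tunnel subnets, 64512 is the user's
# private ASN and 64513/64514 are the gateways' ASNs.

log syslog all;
router id 10.8.0.2;

# Learn the tunnel and LAN interfaces from the kernel.
protocol device { }

# Originate the allocated /24 inside BIRD so it can be exported over BGP.
# It is not installed into the kernel (the kernel protocol below only exports
# BGP-learned routes); the LAN itself is reached via the connected route on
# the inside interface.
protocol static own_prefix {
    ipv4;
    route 44.0.0.0/24 blackhole;
}

# Install what the gateways send (the default route) into the kernel table.
protocol kernel {
    ipv4 {
        export where source = RTS_BGP;
    };
}

# Two strict filters. Exporting anything but our own block would leak routes
# into the shared network; importing anything but a default would let a
# gateway (or a mistake on it) steer arbitrary destinations through the tunnel.
filter announce_own {
    if net = 44.0.0.0/24 then accept;
    reject;
}
filter accept_default_only {
    if net = 0.0.0.0/0 then accept;
    reject;
}

template bgp vpn_gateway {
    local as 64512;
    hold time 30;
    ipv4 {
        import filter accept_default_only;
        export filter announce_own;
    };
}

# One session per VPN server. As long as either tunnel is up the /24 stays
# reachable, which is the "without IPIP" case at the end of Rob's message.
protocol bgp gw_usa from vpn_gateway {
    neighbor 10.8.0.1 as 64513;
}
protocol bgp gw_greece from vpn_gateway {
    neighbor 10.9.0.1 as 64514;
}
```

The two filters are the part worth keeping even if the rest is adapted: the export filter is what stops a misconfigured client from announcing routes it does not own into the VPN mesh, and the import filter keeps the tunnel from becoming a path for anything other than the agreed default route. With the IPIP mesh still in place as backbone, the same client config works, but only one gateway can carry the subnet at a time, because the gateway's portal entry (not BGP) decides which server handles the block.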
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net