On 11/05/19 16:38, Heikki Hannikainen wrote:
Nate,
If you run your own VPN server, which is connected to the ipencap
tunnel mesh, it is possible to further route subnets to VPN clients.
So, technically, it is *possible*.
Possible, yes. I have done this in a corporate network setting.... BUT.
It's just not the intention of this particular VPN server to provide
that service, as it would require custom configs to be edited and
maintained for all clients wishing to get those subnets routed, and I
don't have the time to do that for everyone. The VPN server in its
current form requires about zero maintenance (apart from operating
system security upgrades) as I don't need to tell the server about all
possible clients, it just trusts the LotW certificates and lets anyone
with a valid cert & private key connect.
Correct. Your approach saves you a lot of work in maintaining custom
configs. They are a lot of work, if you have a lot of users.
Fortunately, I only had a couple of subnets to route and a couple of
single PC users, which wasn't too onerous. But a public or semi-public
system is a different ball game, and your decision is a sound one from a
sustainability POV.
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com