Can you make it only bridge specific ethernet type packets, and not
transfer anything else?
If so, that could be a good replacement for my bridge program.
Johnny
neozeed wrote:
OpenVPN will bridge, as I've done IPX/SPX over it... On Mon, Nov 9, 2009 at 10:31 AM, Sampsa Laine <sampsa at mac.com <mailto:sampsa at mac.com>> wrote:
Guys,
I realise that at the moment there aren't many people involved that
do not have static IPs but I think as time goes on consumer grade
ISPs are going to start cutting back on the amount of IPs a
residential customer can have.
With this in mind, might there be some mileage in setting up a VPN
for HECnet use? This way we would not need to worry about whether we
have public static IPs in the future (most VPNs are happy to work
with DYNDNS etc) and it would also add a layer of security to HECnet
without any changes needed to the bridge etc.
Sampsa
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
Sampsa Laine wrote:
Guys,
I realise that at the moment there aren't many people involved that do not have static IPs but I think as time goes on consumer grade ISPs are going to start cutting back on the amount of IPs a residential customer can have.
With this in mind, might there be some mileage in setting up a VPN for HECnet use? This way we would not need to worry about whether we have public static IPs in the future (most VPNs are happy to work with DYNDNS etc) and it would also add a layer of security to HECnet without any changes needed to the bridge etc.
Add security?
You mean as in me opening my internal network to all kind of IP traffic
from any other HECnet user? As opposed to today, when they can only
transmit DECnet packets to my internal network?
Not forgetting that we'd still need the bridge software, since no VPN
solution I know of, is able to route DECnet natively.
And not to forget that DYNDNS is a security problem in itself. :-)
And we'd also still get the occasional disruption in traffic when
someones address do change, until the DNS is updated and propagated.
What we would gain would be an automatic recovery, which we don't have
today.
Maybe it would be more worthwile for someone to hack my bridge just a
little, so that changes in DNS names were discovered, and automatically
handled.
Heck, you don't even have to change my bridge program. Just add a small
monitoring program, who don't do anything else than regularly check if
any of the names in the bridge.conf file have changed to resolve to a
different IP address, and if so, send a HUP to the bridge program, and
we'll be back in business.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
Anyone try it of VMWare yet?
Sampsa
On 9 Nov 2009, at 17:46, neozeed wrote:
Speaking of Netware, I was attempting to install a relatively recent version of Netware on Sun's VirtualBox and it would always abort when detecting drives ... anyone on the list ever successfully get that working? (under any kind of VM?)
Cheers,
Fred
----
Lets call it for what it is - "legacy" is a term that people use in a
polite but derogatory manner to imply that the future direction they
prefer is not that which they view as the current direction.
I know qemu 0.9.0 can run it fine... I just tried 0.11 and the disk driver trips it up, just like Virtual box trips up on it as well....
the default isadisk sees no drives, and the ide doesn't work. Now I bet there is some 'fixes' out there but the netware people never were the good at making things.... sane.
I kicked off my install like this:
..\090\qemu-img.exe create -f qcow netware.disk 2G Formating 'netware.disk', fmt=qcow, size=2097152 kB
..\090\qemu.exe -L ..\090 -M isapc -m 16 -hda netware.disk -fda INSTALL.vfd -boot a
I'll have to get back on the networking though....
Speaking of Netware, I was attempting to install a relatively recent version of Netware on Sun's VirtualBox and it would always abort when detecting drives ... anyone on the list ever successfully get that working? (under any kind of VM?)
Cheers,
Fred
----
Lets call it for what it is - "legacy" is a term that people use in a
polite but derogatory manner to imply that the future direction they
prefer is not that which they view as the current direction.
I know qemu 0.9.0 can run it fine... I just tried 0.11 and the disk driver trips it up, just like Virtual box trips up on it as well....
the default isadisk sees no drives, and the ide doesn't work. Now I bet there is some 'fixes' out there but the netware people never were the good at making things.... sane.
I kicked off my install like this:
..\090\qemu-img.exe create -f qcow netware.disk 2G Formating 'netware.disk', fmt=qcow, size=2097152 kB
..\090\qemu.exe -L ..\090 -M isapc -m 16 -hda netware.disk -fda INSTALL.vfd -boot a
I'll have to get back on the networking though....
On Mon, 9 Nov 2009, Brian Hechinger wrote:
Oh, I know OpenVPN will, that's how I use it. I was asking about the
tunnel program Johnny wrote or Multinet. Sorry if I wasn't clear on
that.
I do know that if an address changes the Multinet "host" needs to be rebooted to pick up the new name. Multinet 5.3 is available to hobbyists and I sent an email to Hunter Goatley to see if it would be possible for Multinet to support dynamic addressing. He was going to check with the programming folks and see ... perhaps I'll send him another email and inquire.
If Multinet could support dynamic addressing it would eliminate lots of problems for us. (well, me ...) :)
Speaking of Netware, I was attempting to install a relatively recent version of Netware on Sun's VirtualBox and it would always abort when detecting drives ... anyone on the list ever successfully get that working? (under any kind of VM?)
Cheers,
Fred
----
Lets call it for what it is - "legacy" is a term that people use in a
polite but derogatory manner to imply that the future direction they
prefer is not that which they view as the current direction.
Thankfully I had 2 sets of floppy disks.. or this would have been really hard to come by...
Anyways I don't see why you can't use my 10 user version to test..
http://dl.dropbox.com/u/1694005/Novell%20Netware%203.12%2010%20user.rar
When I set it up I used Qemu 0.9.0 with a 'patch' that I had done to use SIMH's libpcap networking... I *think* the newer Qemu's do tap/tun support?
Also hecnet would need to be modified to allow the various frame types for netware... I can dig that out some more once I get netware installed.... I'll try the 0.11 stuff first but with the -M isa for the ISA ne2000 adapter...
On Mon, Nov 9, 2009 at 11:16 AM, Sampsa Laine <sampsa at mac.com> wrote:
Yeah, I'd be up for rolling out a Novell server - never done it before.
Sampsa
On 9 Nov 2009, at 16:13, neozeed wrote:
I found my notes on OpenVPN & bridging...
http://virtuallyfun.blogspot.com/2008/10/some-fun-networking-with-ms-dos-no…
if it helps any, the only 'static' ip that would be needed would be the server that is bridging its tap/tun to the hecnet.... And even that could be on dyndns...
I'm fishing around for my old Netware 3.12 diskettes to rebuild it for the heck of it today.
speaking of which, in the quest for alternate protocols, why not IPX/SPX?
On Mon, Nov 9, 2009 at 11:10 AM, Brian Hechinger <wonko at 4amlunch.net> wrote:
On Mon, Nov 09, 2009 at 07:58:59AM -0700, Zane H. Healy wrote:
> At 3:31 PM +0000 11/9/09, Sampsa Laine wrote:
> >I realise that at the moment there aren't many people involved that
> >do not have static IPs but I think as time goes on consumer grade
> >ISPs are going to start cutting back on the amount of IPs a
> >residential customer can have.
> >
> >With this in mind, might there be some mileage in setting up a VPN
> >for HECnet use? This way we would not need to worry about whether we
> >have public static IPs in the future (most VPNs are happy to work
> >with DYNDNS etc) and it would also add a layer of security to HECnet
> >without any changes needed to the bridge etc.
>
> I have to pay for a commercial line, and not simply the low-end
> commercial line, but a higher-grade one in order to get a static IP.
> That's part of why I have such a fast connection now. Honestly
> between the cost of the commercial line and the added electricity use
> it really isn't worth what it's costing me each month to keep this
> going since I don't really have time to mess with such things. :-(
Does it matter if the "client" end of the tunnel has a dynamic IP? If not
we only need a handful of static IPs. Once the new box gets put into place
at colo i was going to setup simh on it. I could be a massive routing hub
if people wanted to connect their tunnels to me.
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
On Mon, Nov 09, 2009 at 11:13:05AM -0500, neozeed wrote:
I found my notes on OpenVPN & bridging...
Oh, I know OpenVPN will, that's how I use it. I was asking about the
tunnel program Johnny wrote or Multinet. Sorry if I wasn't clear on
that.
I do run OpenVPN on my colo server, so I'd just have to generate certs
for anyone who wants to use it.
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
Yeah, I'd be up for rolling out a Novell server - never done it before.
Sampsa
On 9 Nov 2009, at 16:13, neozeed wrote:
I found my notes on OpenVPN & bridging...
http://virtuallyfun.blogspot.com/2008/10/some-fun-networking-with-ms-dos-no…
if it helps any, the only 'static' ip that would be needed would be the server that is bridging its tap/tun to the hecnet.... And even that could be on dyndns...
I'm fishing around for my old Netware 3.12 diskettes to rebuild it for the heck of it today.
speaking of which, in the quest for alternate protocols, why not IPX/SPX?
On Mon, Nov 9, 2009 at 11:10 AM, Brian Hechinger <wonko at 4amlunch.net> wrote:
On Mon, Nov 09, 2009 at 07:58:59AM -0700, Zane H. Healy wrote:
> At 3:31 PM +0000 11/9/09, Sampsa Laine wrote:
> >I realise that at the moment there aren't many people involved that
> >do not have static IPs but I think as time goes on consumer grade
> >ISPs are going to start cutting back on the amount of IPs a
> >residential customer can have.
> >
> >With this in mind, might there be some mileage in setting up a VPN
> >for HECnet use? This way we would not need to worry about whether we
> >have public static IPs in the future (most VPNs are happy to work
> >with DYNDNS etc) and it would also add a layer of security to HECnet
> >without any changes needed to the bridge etc.
>
> I have to pay for a commercial line, and not simply the low-end
> commercial line, but a higher-grade one in order to get a static IP.
> That's part of why I have such a fast connection now. Honestly
> between the cost of the commercial line and the added electricity use
> it really isn't worth what it's costing me each month to keep this
> going since I don't really have time to mess with such things. :-(
Does it matter if the "client" end of the tunnel has a dynamic IP? If not
we only need a handful of static IPs. Once the new box gets put into place
at colo i was going to setup simh on it. I could be a massive routing hub
if people wanted to connect their tunnels to me.
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
I found my notes on OpenVPN & bridging...
http://virtuallyfun.blogspot.com/2008/10/some-fun-networking-with-ms-dos-no…
if it helps any, the only 'static' ip that would be needed would be the server that is bridging its tap/tun to the hecnet.... And even that could be on dyndns...
I'm fishing around for my old Netware 3.12 diskettes to rebuild it for the heck of it today.
speaking of which, in the quest for alternate protocols, why not IPX/SPX?
On Mon, Nov 9, 2009 at 11:10 AM, Brian Hechinger <wonko at 4amlunch.net> wrote:
On Mon, Nov 09, 2009 at 07:58:59AM -0700, Zane H. Healy wrote:
> At 3:31 PM +0000 11/9/09, Sampsa Laine wrote:
> >I realise that at the moment there aren't many people involved that
> >do not have static IPs but I think as time goes on consumer grade
> >ISPs are going to start cutting back on the amount of IPs a
> >residential customer can have.
> >
> >With this in mind, might there be some mileage in setting up a VPN
> >for HECnet use? This way we would not need to worry about whether we
> >have public static IPs in the future (most VPNs are happy to work
> >with DYNDNS etc) and it would also add a layer of security to HECnet
> >without any changes needed to the bridge etc.
>
> I have to pay for a commercial line, and not simply the low-end
> commercial line, but a higher-grade one in order to get a static IP.
> That's part of why I have such a fast connection now. Honestly
> between the cost of the commercial line and the added electricity use
> it really isn't worth what it's costing me each month to keep this
> going since I don't really have time to mess with such things. :-(
Does it matter if the "client" end of the tunnel has a dynamic IP? If not
we only need a handful of static IPs. Once the new box gets put into place
at colo i was going to setup simh on it. I could be a massive routing hub
if people wanted to connect their tunnels to me.
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
On Mon, Nov 09, 2009 at 07:58:59AM -0700, Zane H. Healy wrote:
At 3:31 PM +0000 11/9/09, Sampsa Laine wrote:
I realise that at the moment there aren't many people involved that
do not have static IPs but I think as time goes on consumer grade
ISPs are going to start cutting back on the amount of IPs a
residential customer can have.
With this in mind, might there be some mileage in setting up a VPN
for HECnet use? This way we would not need to worry about whether we
have public static IPs in the future (most VPNs are happy to work
with DYNDNS etc) and it would also add a layer of security to HECnet
without any changes needed to the bridge etc.
I have to pay for a commercial line, and not simply the low-end
commercial line, but a higher-grade one in order to get a static IP.
That's part of why I have such a fast connection now. Honestly
between the cost of the commercial line and the added electricity use
it really isn't worth what it's costing me each month to keep this
going since I don't really have time to mess with such things. :-(
Does it matter if the "client" end of the tunnel has a dynamic IP? If not
we only need a handful of static IPs. Once the new box gets put into place
at colo i was going to setup simh on it. I could be a massive routing hub
if people wanted to connect their tunnels to me.
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
