VPS + Dedi: private site-to-site connection?

Say there are 5-6 different servers - a mixture of dedis + vps, all with different providers, and accessible via ssh over internet, what is the best way to have an internal network that they each share with each other so as to be able to privately connect amongst themselves? Via OpenVPN site-to-site?
I know there is the openvpn nyr script: https://github.com/Nyr/openvpn-install
But what is the best way to create a private network?

Comments

  • CFarence Member
    edited February 2016

    I've seen people mention tinc VPN. I think it can do peer-to-peer, but I'm not certain.

    I usually use SoftEther and have one server as the master. Not the best way to do it, probably, but I'm already using SoftEther for other stuff, so it's just easier for me to use all the same.

    edit: Auto Correct on phone OP

  • +1 for tinc

    Connect all servers to a single "introducer/master" node. All nodes connected to that node will automatically mesh together.

    Thanked by 1aFriend
  • I had this same question a while back and my research led me to tinc as the best option. I have yet to set it up though...

    Thanked by 1aFriend
  • tinc or openvpn

    Thanked by 1aFriend
  • I do this with tinc and run a backbone mesh vpn for exchanging of 'internal' data

    Thanked by 1aFriend
  • This is pretty helpful. I had never heard of tinc before. I just saw a helpful video on tinc.

    What iptables changes need to be made?
    I didn't see any good scripts to set tinc up on GitHub. Does anyone have any scripts to share?

  • exception0x876 Member, Host Rep, LIR

    +1 for tinc - easiest to configure

  • +1 Tinc
    I like it

  • rm_ IPv6 Advocate, Veteran
    edited February 2016

    Tinc!

    And that's only the logical ("ConnectTo") structure; the actual traffic between any two nodes always flows directly. It's like all these nodes all over the world are just connected into the same Ethernet switch for a private LAN.

    ALinuxNinja said: Connect all servers to a single "introducer/master" node

    Yep, as you can see I currently use two for redundancy.

  • tinc, definitely. My primary tool nowadays, when I need reliable self-healing P2P VPN.

  • @aFriend said:
    What iptables changes need to be made?

    Open TCP/UDP ports named 'tinc' in services file (decimal 655).

    Note: if you run more than a single tinc network on the same system, you would need to use another port pair and, of course, open it in the firewall as well.

    Thanked by 1aFriend
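
An added example, not part of any post in this thread: a POSIX shell helper that prints (never applies) the iptables rules the reply above describes, opening each tinc network's TCP/UDP port pair on the public interface and allowing one internal TCP service only on that network's VPN interface. The interface names `eth0`, `backbone` and `mgmt`, the second port 656, the service ports, each tinc interface being named after its netname, and an INPUT chain that drops unmatched traffic are all assumptions.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules for tinc networks.
# Usage: tinc_rules WAN_IF NETNAME:TINCPORT:SVCPORT...
# Assumptions: each tinc interface is named after its netname, SVCPORT is a
# TCP service meant to be reachable only inside the VPN, and the INPUT chain
# drops anything these rules do not accept.

valid_port() {
    # Digits only, no leading zero, at most 5 digits, not above 65535.
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

tinc_rules() {
    wan_if=$1; shift
    case $wan_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;; esac
    seen=" "; rules=""
    for spec in "$@"; do
        case $spec in *:*:*) ;; *) echo "bad spec: $spec" >&2; return 1 ;; esac
        net=${spec%%:*}; rest=${spec#*:}
        tport=${rest%%:*}; sport=${rest#*:}
        case $net in ''|*[!A-Za-z0-9_]*) echo "bad netname: $net" >&2; return 1 ;; esac
        if ! valid_port "$tport" || ! valid_port "$sport"; then
            echo "bad port in: $spec" >&2; return 1
        fi
        # Each tinc network on one host needs its own TCP/UDP port pair.
        case $seen in *" $tport "*) echo "tinc port $tport reused" >&2; return 1 ;; esac
        seen="$seen$tport "
        # Public side: only the tinc port pair. VPN side: only the service port.
        rules="${rules}iptables -A INPUT -i $wan_if -p tcp --dport $tport -j ACCEPT
iptables -A INPUT -i $wan_if -p udp --dport $tport -j ACCEPT
iptables -A INPUT -i $net -p tcp --dport $sport -j ACCEPT
"
    done
    # Print only after every spec has validated, so output is all-or-nothing.
    printf '%s' "$rules"
}

# Constructed sample: tinc's port 655 plus a second network on port 656.
tinc_rules eth0 backbone:655:3306 mgmt:656:22
```

Review the printed rules before applying them; an existing rule such as the port 80 one quoted later in the thread is unaffected.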
  • So basically tinc is better to have your own devices in a LAN network? I only have OpenVPN so far because of Nyr's easy installer, and it's great, but I never got around to touching the config files to allow LAN traffic on OpenVPN.

  • Do you guys use DHCP with tinc, assign IPs manually, or use something like Avahi? I use Avahi myself, and it works pretty well; I just wanted to get an idea.

    Also, has anyone automated the addition of new nodes? I provision my servers with Chef, and it gets annoying that I have to give the "master" servers the public keys before any of the other nodes can connect.

  • So how does iptables change with a server with currently only one nic, once tinc is added? Currently I have something like 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT'

  • @amhoab said:
    Do you guys use DHCP with tinc, assign IPs manually, or use something like Avahi?

    +1. Also, is it possible to have something like a DNS service to resolve localdomain hosts to their IPs?
