Mesh networking help

rorona Member
edited September 2012 in Help

Dear All,

I have a dozen VPSes with OpenVPN/PPTP/L2TP installed. Each server (node) has its own 172.x.0.0/16 to be allocated to clients. I wanted to build a mesh between all the VPSes, so the clients connected to different nodes can communicate with each other (within the 172.x.0.0/12). Note the clients are NOT part of the mesh.

Does anyone have a clue how to do it? I heard OpenVPN can do it with a special configuration, and tinc could do it too.

I am not good at linux networking so I am not sure how to get this working correctly. Any input is welcomed.

I am thinking of using tinc to do it but I am not sure how to make it pass the traffic through correctly, and how to advertise the routes correctly to the clients. My main concern is if it is compatible with the existing OpenVPN/PPTP/L2TP setup.

So the traffic would be going like this (IP as sample):

Client 1 (172.16.4.123) <-> Node A (172.16.1.1) <-> Node B (172.17.1.1) <-> Client 2 (172.17.8.13)
Client 1 (172.16.4.123) <-> Node A (172.16.1.1) <-> Node C (172.18.1.1) <-> Client 3 (172.18.1.31)
Client 2 (172.17.8.13) <-> Node B (172.17.1.1) <-> Node C (172.18.1.1) <-> Client 3 (172.18.1.31)

The connection can only go through 2 nodes at most, so NEVER Client 1 <-> Node A <-> Node C <-> Node B <-> Client 2.

Have to get this working, otherwise a dozen VPSes sit idling (not really LEBs). This is quite an uncommon setup. I guess people normally use multiple Cisco routers to achieve the same effect. Thanks.

Comments

  • TheHackBox Member
    edited September 2012

    On the server you can

     push "route 172.17.8.0 255.255.255.0" 

    in OpenVPN to allow clients to talk to other subnets :) (Only add this to the server config as it gets automatically pushed to the client.)

  • rm_ IPv6 Advocate, Veteran

    No idea about mesh network with OpenVPN, but tinc indeed does this very easily (and automatically). It basically just emulates an Ethernet network between all your hosts, and any communication between any two hosts goes directly between them if it can (i.e. if none of those are NAT'ed), not via some designated router.

  • I'll give tinc a try tonight. I am indeed just making a LAN over VPN, no NAT whatsoever.

  • rm_ IPv6 Advocate, Veteran

    Here's a small howto about tinc: http://www.vanheusden.com/Linux/tinc_mini_howto.html

  • Set up an L3 VPN (routed) between each node and assign them a /30 or larger IP range so they can talk to each other. Then on each node, static route the respective VPN IP range to the other node's /30.

    Node A - 172.16.0.0/16, 10.1.1.1 (Node A-B), 10.1.2.1 (Node A-C)
    Node B - 172.17.0.0/16, 10.1.1.2 (Node B-A), 10.1.3.1 (Node B-C)
    Node C - 172.18.0.0/16, 10.1.2.2 (Node C-A), 10.1.3.2 (Node C-B)

    Node A (Linux iproute2 syntax)
    ip route add 172.17.0.0/16 via 10.1.1.2
    ip route add 172.18.0.0/16 via 10.1.2.2

    Node B
    ip route add 172.16.0.0/16 via 10.1.1.1
    ip route add 172.18.0.0/16 via 10.1.3.2

    Node C
    ip route add 172.16.0.0/16 via 10.1.2.1
    ip route add 172.17.0.0/16 via 10.1.3.1

  • rm_ IPv6 Advocate, Veteran

    @Kenshin
    Yes, yes, that's the kind of hassle people had to endure with VPNs before there was Tinc :D

  • Does tinc perform full mesh on its own? In other words it will assume that all endpoints can connect to each other via internet and create all the tunnels?

    Will probably fool around with it soon. :D

  • rm_ IPv6 Advocate, Veteran
    edited September 2012

    @Kenshin
    Yes it does: http://www.tinc-vpn.org/
    Automatic full mesh routing
    But it does not hard-assume everything is reachable, e.g. if some nodes are not reachable directly for some reason, it will still work, other nodes will automatically forward for them.

  • I wonder if anyone could give me a hand showing me a sample tinc config file to join 3 (or more) LAN segments (172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16) and the relevant routes to be added to each server.

    Got tinc to work between the nodes but it is not forwarding traffic like I wanted in the top post. Thanks.
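A generator for the per-node tinc config the question above asks for, added here as an example rather than anything posted in the thread or shipped by the tinc project: it writes tinc.conf in router mode, one hosts/ file per node whose Subnet lines announce that node's /16 client pool, and tinc-up/tinc-down scripts that assign the mesh address and route the other pools over the tinc interface. The node names nodeA/B/C, the 198.51.100.x public addresses, the 10.0.0.0/24 mesh range and the network name "mesh" used in the test are constructed placeholders.

```shell
#!/bin/sh
# Writes a tinc (router mode) config directory for one node of the mesh so that
# the node announces its own 172.x.0.0/16 client pool and routes the other
# nodes' pools over the tinc interface.  Node names, public IPs and the
# 10.0.0.0/24 mesh addresses passed by the caller are constructed placeholders.
#   gen_tinc_node DIR NETNAME SELF NAME:PUBLIC_IP:MESH_IP:POOL ...
gen_tinc_node() {
    dir=$1; net=$2; self=$3; shift 3
    conf="$dir/$net"; up="$conf/tinc-up"; down="$conf/tinc-down"
    mkdir -p "$conf/hosts"
    # Mode = router: tinc routes by the Subnet lines in hosts/*, no bridging/ARP.
    # Forwarding = off: this node never relays traffic between two other nodes,
    # so a path is at most Client - Node - Node - Client.
    printf 'Name = %s\nMode = router\nForwarding = off\n' "$self" > "$conf/tinc.conf"
    printf '#!/bin/sh\n' > "$up"; printf '#!/bin/sh\n' > "$down"
    for spec in "$@"; do                       # first pass: this node's own address
        name=${spec%%:*}; rest=${spec#*:}; mesh=${rest#*:}; mesh=${mesh%%:*}
        [ "$name" = "$self" ] || continue
        printf 'ip addr add %s/24 dev $INTERFACE\nip link set $INTERFACE up\n' "$mesh" >> "$up"
        # VPN clients arrive on tun0/ppp*; the kernel must forward them into the mesh.
        printf 'sysctl -w net.ipv4.ip_forward=1\n' >> "$up"
    done
    for spec in "$@"; do                       # second pass: every node's host file
        name=${spec%%:*}; rest=${spec#*:}
        pub=${rest%%:*}; rest=${rest#*:}
        mesh=${rest%%:*}; pool=${rest#*:}
        # The host file is exchanged between peers; the owning node appends its
        # public key with 'tincd -n NETNAME -K'.
        printf 'Address = %s\nSubnet = %s/32\nSubnet = %s\n' "$pub" "$mesh" "$pool" \
            > "$conf/hosts/$name"
        [ "$name" = "$self" ] && continue
        printf 'ConnectTo = %s\n' "$name" >> "$conf/tinc.conf"
        printf 'ip route add %s dev $INTERFACE\n' "$pool" >> "$up"
        printf 'ip route del %s dev $INTERFACE\n' "$pool" >> "$down"
    done
    printf 'ip link set $INTERFACE down\n' >> "$down"
    chmod +x "$up" "$down"
}
```

The clients themselves still need the other pools routed to their node, which is what TheHackBox's push "route ..." line does in each node's OpenVPN server config (a single push "route 172.16.0.0 255.240.0.0" covers the whole 172.16.0.0/12).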
