Playing around a bit with ssh tunneling right now. When I create a kind of VPN concentrator with a few tun interfaces: is there any reason why I can't just assign the same IP on all these tun interfaces? A quick test shows this setup working nicely, with ifconfig tunX localip pointopoint remoteip (the localip part being the same) setting up the routes to choose the right tun device for all remote IP addresses, and ping worked just fine for me. Firewall rules will always have the remote IP and/or the interface name to decide when a packet applies.
Obviously setting up a listening socket at only one of these interfaces is not so trivial now since I can't just listen to the IP, but that's a restriction I'm happy with. Anything else I'm not thinking of right now?
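The setup described above as a dry-run sketch (an added example, not part of the original post): it prints the ifconfig command for each tunnel and, as an assumption about what the firewall rules could look like, iptables rules that tie each tun device to its one remote IP. The addresses, the peer table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Dry run: commands are printed, not executed, so no root is needed.
LOCAL_IP="10.9.0.1"   # constructed: the single address shared by every tun device

# Constructed peer table, one tunnel per line: "<tun device> <remote IP>"
PEERS="tun0 10.9.0.2
tun1 10.9.0.3
tun2 10.9.0.4"

# The kernel picks the tun device from the per-peer host route, so a device
# or a remote IP listed twice would make that choice ambiguous. Refuse it.
check_peers() {
    dup=$(printf '%s\n' "$1" | awk 'seen_dev[$1]++ || seen_ip[$2]++')
    [ -z "$dup" ]
}

# One point-to-point configuration per tunnel, same local IP on all of them.
emit_interfaces() {
    printf '%s\n' "$1" | while read -r dev remote; do
        [ -n "$dev" ] || continue
        echo "ifconfig $dev $LOCAL_IP pointopoint $remote"
    done
}

# Since the local IP no longer identifies a tunnel, every rule matches on
# the interface name and the remote IP. Packets arriving on a tun device
# with any other source address are dropped.
emit_firewall() {
    printf '%s\n' "$1" | while read -r dev remote; do
        [ -n "$dev" ] || continue
        echo "iptables -A INPUT -i $dev ! -s $remote -j DROP"
        echo "iptables -A FORWARD -i $dev ! -s $remote -j DROP"
        echo "iptables -A INPUT -i $dev -s $remote -d $LOCAL_IP -j ACCEPT"
    done
}

if check_peers "$PEERS"; then
    emit_interfaces "$PEERS"
    emit_firewall "$PEERS"
else
    echo "peer table lists a device or remote IP twice" >&2
fi
```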