[Gllug] DNS & VPN

tid td at bloogaloo.co.uk
Thu Jun 21 08:40:49 UTC 2007


I have had a similar scenario on openVPN in the past: around 20 / 25
non-tech users who were accessing
an internal job tracking system: We gave up trying to find the optimal
solution to internal server IP changes (long
and boring description) but eventually left a "Change your windows hosts
file to this new IP address" page. Not
nice, but cheap and it worked: no calls to the support desk!

tid

On 20/06/07, Alain Williams <addw at phcomp.co.uk> wrote:
>
> On Wed, Jun 20, 2007 at 10:26:12PM +0000, Chris Bell wrote:
> > On Wed 20 Jun, Alain Williams wrote:
> > >
> >
> > >
> > > The internal office addresses are 192.168.XX.XX Part of setting up the
> VPN connection
> > > is to push a routing command to the home PC to 192.168.0.254 which is
> the one address
> > > that they need to access over the VPN and for which I would like to
> give a name.
> > >
> > > The VPN (and routing, etc) all works. The question is how to name
> 192.168.0.254.
> > >
> >    I would expect a VPN to be from a fixed IP address to guard against
> > spoofing. If it is to a destination behind NAT or masquerading, then
> there
> > must be some kind of re-routing operation as 192.168.x.x/16 addresses
> are
> > not routable. You may be able to provide access to the destination
> > "boxname.fully_qualified_domain_name" but I would expect to use secure
> > authorisation and encryption (kerberos?).
>
> The gateway/vpn-server DOES have a fixed IP address, it provides a VPN to
> the office 192.168.XX.XX
> network. It is how to best provide a name for 192.168.0.254 that I am
> trying to work out.
>
> As I keep on saying: The VPN (and routing, etc) all works. The question is
> how to name 192.168.0.254.
>
> --
> Alain Williams
> Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT
> Lecturer.
> +44 (0) 787 668 0256  http://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information:
> http://www.phcomp.co.uk/contact.php
> #include <std_disclaimer.h>
> --
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20070621/a557557a/attachment.html>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list