Posted by jggimi, 22nd March 2012

Quote:
Originally Posted by schmurfy
The Linux router is where the xDSL lines we rent are terminated; the company providing them to us provides this router and lets us manage it to route our traffic where and how we want, but does not support adding software on it.
Can it be configured to operate in "bridge" mode so that it merely moves packets between DSL and Ethernet without inspection or translation? If so, then you could implement a solution external to their device and its limitations, or the limitations of your xDSL service provider, or both.
Quote:
They intentionally kept out ipsec for performance reasons...
I find that difficult to believe. Any other VPN solution is going to consume similar computing resources (CPU/RAM) or significantly more. In particular, VPN solutions with TCP tunnels (such as OpenSSH) will definitely consume more resources than IPSec.
Quote:
For tunneling purposes we have access to gre, ipip and OpenSSH; gre looked like a good candidate, but without the key field support in OpenBSD it solves nothing.
Both GRE and IP/IP encapsulation can provide a "virtual network" connection via tunnel, but they offer no privacy or security. Traffic is sent in the clear, without encryption.
Quote:
I never thought about using OpenSSH like this, but it may be a lead, although I am not sure how to route the traffic while keeping the companies isolated from each other....
I recall doing some testing several years ago, and searched on the forum.

In 2009 I discovered I could isolate RFC1918 subnets at the OpenSSH VPN gateways if I used IPv6 on the tun(4) devices instead of IPv4. NAT was used.

There were diagrams linked to the thread, but I no longer have them.

http://www.daemonforums.org/showthread.php?t=141