RE: I-D: Simple Configured Tunnel Setup Procedure
-----BEGIN PGP SIGNED MESSAGE-----
Gert Doering wrote:
> On Fri, Nov 21, 2003 at 04:29:24PM +0000, Ole Troan wrote:
> > I do like the idea (but)... if the 'S' in STEP means simple to deploy
> > then couldn't you achieve the same by just using L2TP? the user runs
> > the LAC the ISP the LNS. IPv6/PPP/L2TP/UDP tunnelling between
> > them. the ISP would typically have the required infrastructure
> > already. authentication is defined and it should do NAT traversal.
>
> Been there, done that, works :-)
>
> The drawback is that it's only "simple" if you have an existing L2TP
> infrastructure (that already can do IPv6).
tinc / OpenVPN works indeed.
I've implemented the first one in the SixXS framework and am currently
running a beta for it. Tinc does UDP and TCP using RSA keys etc.
Keys are 'uploaded' from the client to the SixXS configuration service
and then the noc box syncs the POP. Using the "heartbeat" client it
automatically works currently on both unices and Windows platforms.
It is still in beta because we like to provide a quality service
and there were still some minor details to be worked out.
Now the hardest part is getting a NIC handle to signup to SixXS :)
Also see http://www.sixxs.net/tools/configservice/
And http://www.sixxs.net/tools/heartbeat/
The 'heartbeat protocol' btw allows for true dynamic tunnels.
The client sends an MD5-signed heartbeat to the POP every 60 seconds
or when the client notices an IP change (Windows has nice events
for this, and unices can SIGHUP the client, causing an instant update).
The POP then adjusts its proto-41 tunnel to the specified endpoint.
Yes, these are authenticated+configured tunnels.
Drafts for the configservice still have to be typed, but it should
be clear how it works from the above URL; a draft for the heartbeat
protocol is included in the unix tarball.
Sources available at http://www.sixxs.net/archive/sixxs/heartbeat/
Windows sources will be released soon but we'll have to clean
those up first for public release.
The rest of the SixXS system is also open and free btw but currently
not available for public download.
Greets,
Jeroen
-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/
iQA/AwUBP75mQymqKFIzPnwjEQICRQCfT7DfriuDqOIhAe6MwZ5fZKZc2L8AoJgz
RkHfP6OIoNFe236U2phdhDxG
=kQKf
-----END PGP SIGNATURE-----
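
An added example, not part of the original message and not SixXS code: a sketch of the POP-side checks a signed heartbeat like the one described above needs before the proto-41 endpoint is moved. The message layout, the MD5-over-message-plus-secret construction, the `MAX_SKEW` window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

MAX_SKEW = 120  # seconds; assumed freshness window (two 60 s heartbeat intervals)


def digest(msg: str, secret: str) -> str:
    # Assumed construction: MD5 over the message plus the shared secret.
    return hashlib.md5(f"{msg} {secret}".encode()).hexdigest()


def make_heartbeat(tunnel: str, endpoint: str, ts: int, secret: str) -> str:
    # Client side: hypothetical layout "HEARTBEAT <tunnel> <ipv4> <epoch> <md5>".
    msg = f"HEARTBEAT {tunnel} {endpoint} {ts}"
    return f"{msg} {digest(msg, secret)}"


class Pop:
    def __init__(self, secrets):
        self.secrets = secrets   # tunnel id -> shared secret
        self.endpoints = {}      # tunnel id -> current proto-41 remote endpoint
        self.last_ts = {}        # tunnel id -> newest accepted timestamp

    def handle(self, packet: str, now: int) -> str:
        parts = packet.split(" ")
        if len(parts) != 5 or parts[0] != "HEARTBEAT":
            return "malformed"
        _, tunnel, endpoint, ts_s, sig = parts
        secret = self.secrets.get(tunnel)
        if secret is None:
            return "unknown-tunnel"
        # Verify the signature, in constant time, before trusting any field.
        expected = digest(" ".join(parts[:4]), secret)
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "bad-signature"
        try:
            ipaddress.IPv4Address(endpoint)
            ts = int(ts_s) if ts_s.isascii() and ts_s.isdigit() else None
        except ValueError:
            return "malformed"
        if ts is None:
            return "malformed"
        if abs(now - ts) > MAX_SKEW:
            return "stale"       # old capture replayed much later
        if ts <= self.last_ts.get(tunnel, -1):
            return "replay"      # capture replayed inside the window
        self.last_ts[tunnel] = ts
        changed = self.endpoints.get(tunnel) != endpoint
        self.endpoints[tunnel] = endpoint
        return "updated" if changed else "refreshed"
```

Without the timestamp checks, a valid heartbeat captured on the path could be resent later to pull the tunnel back to an address the client no longer holds.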