[Hampshire] Making a single LAN out of point-to-point links

Author: Andy Smith
Date:  
To: Hampshire LUG Discussion List
Subject: [Hampshire] Making a single LAN out of point-to-point links

gpg: Signature made Mon Jul 9 01:23:06 2007 BST
Hi,

I've been trying to create a private network between several
machines using point-to-point VPNs created with vtun, but I'm having
a mental blank and wondered if anyone here had any idea.

Perhaps a diagram of what I have now would make things clearer:

.-----------------------.  .-----------------------.  .-----------------------.
| 10.100.1.121/24 +---. |  | 10.100.1.86/24  +---. |  | 10.100.1.69/24  +---. |
| corona          .   | |  | islay           .   | |  | curacao         .   | |
|..................   | |  |..................   | |  |..................   | |
|                     | |  |                     | |  |                     | |
| .-----------------. | |  | .-----------------. | |  | .-----------------. | |
| | 10.100.1.83/24  +-| |  | | 10.100.1.75/24  +-| |  | | 10.100.1.70/24  +-| |
| | cacti           | | |  | | ruminant        | | |  | | strugglers.net  | | |
| `-----------------' | |  | `-----------------' | |  | `-----------------' | |
|                     | |  |                     | |  |                     | |
| .-----------------. | |  | .-----------------. | |  | .-----------------. | |
| | 10.100.1.122/24 +-' |  | | 10.100.1.96/24  +-' |  | | 10.100.1.76/24  +-' |
| | admin.corona    |   |  | | admin.islay     |   |  | | admin.curacao   |   |
| |                 |   |  | |                 |   |  | |                 |   |
| | 10.100.1.1      |   |  | |                 |   |  | |                 |   |
| `------+----------'   |  | `-----------------'   |  | `-----------------'   |
|        |              |  |                       |  |                       |
`--------|--------------'  `-----------------------'  `-----------------------'
         |
         |
         |P
         |t
         |P
         |
         |
.--------|--------------.
|        |              |
| .------+----------.   |
| | 10.100.2.1      |   |
| |                 |   |
| | admin.montelena |   |
| | 10.100.2.192/24 +-. |
| `-----------------' | |
|                     | |
| .-----------------. | |
| | rt              | | |
| | 10.100.2.94/24  +-| |
| `-----------------' | |
|                     | |
|..................   | |
| 10.100.2.191/24 +---' |
| montelena       .     |
`-----------------------'

This diagram is also at http://strugglers.net/~andy/tmp/internal.txt
if it's not readable in your mail client.

The above is what exists now. The large boxes
{corona,islay,curacao,montelena} are real servers (dom0) and the
boxes within them are virtual servers (domU). Each dom0 and all of
its domUs are on a Linux software-bridged network so they can all
talk to each other within that one machine.

corona, islay and curacao are in one geographical location and
montelena is in another, hence domUs on {corona,islay,curacao} are
portable between those dom0s, but not to montelena. Therefore I
decided to use a different IP network for each site: 10.100.1.0/24
and 10.100.2.0/24.

As you can see, I have linked admin.corona and admin.montelena with
a point-to-point encrypted IP tunnel using vtun[1]. By giving every
machine on corona a route to 10.100.0.0/16 via 10.100.1.1, and every
machine on montelena a route to 10.100.0.0/16 via 10.100.2.1, there
is full end-to-end routing between everything on {corona,montelena},
which is exactly what I want.

My problem now comes when trying to integrate islay and curacao into
the mix. If they were to have different IP networks (e.g.
10.100.3.0/24 and 10.100.4.0/24) then it would be simple as it would
just be an extension of what was done with corona+montelena. But
because islay, curacao and corona are actually on the same physical
network and virtual machines are portable between those three, I
would really like them and all their virtual machines to also be on
the same 10.100.1.0/24 network.

Is there a way to do it? Perhaps an Ethernet link in vtun between
admin.corona and admin.{islay,curacao}? I feel I'm missing
something obvious.

Cheers,
Andy

[1] http://vtun.sourceforge.net/
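The routing described in the post (a /16 route at each site pointing at the tunnel endpoint) and the reason a routed point-to-point link cannot join two halves of one /24, as an added Python model that is not code from the original post or from vtun. Host names and addresses come from the diagram; using the admin hosts' 10.100.x.1 addresses as the tunnel next hops, and the SPLIT_LAN variant in which islay sits behind its own routed link, are assumptions made for illustration.

```python
import ipaddress

# Hosts from the diagram: interface addresses and (destination, gateway) routes.
# Using the tunnel ends' 10.100.x.1 addresses as next hops is an assumption here.
HOSTS = {
    "cacti":           (["10.100.1.83/24"], [("10.100.0.0/16", "10.100.1.1")]),
    "ruminant":        (["10.100.1.75/24"], [("10.100.0.0/16", "10.100.1.1")]),
    "admin.islay":     (["10.100.1.96/24"], [("10.100.0.0/16", "10.100.1.1")]),
    "admin.corona":    (["10.100.1.122/24", "10.100.1.1/24"], [("10.100.2.0/24", "10.100.2.1")]),
    "admin.montelena": (["10.100.2.192/24", "10.100.2.1/24"], [("10.100.1.0/24", "10.100.1.1")]),
    "rt":              (["10.100.2.94/24"], [("10.100.0.0/16", "10.100.2.1")]),
}

# Layer-2 adjacency as drawn in the post: one LAN per site plus the vtun link.
SAME_LAN = {"site1": {"cacti", "ruminant", "admin.islay", "admin.corona"},
            "site2": {"rt", "admin.montelena"},
            "ptp": {"admin.corona", "admin.montelena"}}
# Hypothetical: islay behind its own routed point-to-point link, with no bridging.
SPLIT_LAN = {"site1": {"cacti", "admin.corona"}, "site1b": {"ruminant", "admin.islay"},
             "site2": {"rt", "admin.montelena"}, "ptp": {"admin.corona", "admin.montelena"},
             "ptp2": {"admin.corona", "admin.islay"}}

def lookup(host, dst):
    """Longest-prefix match; returns (network, gateway), gateway None if on-link."""
    addrs, static = HOSTS[host]
    table = [(ipaddress.ip_network(a, strict=False), None) for a in addrs]
    table += [(ipaddress.ip_network(d), g) for d, g in static]
    hits = [r for r in table if ipaddress.ip_address(dst) in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def owner(addr):
    """Host holding addr on one of its interfaces, or None."""
    ip = ipaddress.ip_address(addr)
    return next((h for h, (addrs, _) in HOSTS.items()
                 if any(ipaddress.ip_interface(a).ip == ip for a in addrs)), None)

def trace(src, dst, segments, max_hops=8):
    """Forward one packet hop by hop; a route is usable only if its next hop
    is actually L2-adjacent to the current host. Returns (path, delivered)."""
    path, here = [src], src
    for _ in range(max_hops):
        if owner(dst) == here:
            return path, True
        route = lookup(here, dst)
        nxt = owner(dst if route[1] is None else route[1]) if route else None
        if nxt is None or not any({here, nxt} <= s for s in segments.values()):
            return path, False
        path.append(nxt)
        here = nxt
    return path, False
```

With SAME_LAN, cacti reaches rt through both admin hosts, and reaches ruminant directly because the connected /24 wins the longest-prefix match; with SPLIT_LAN that same on-link decision means the packet for ruminant is never handed to 10.100.1.1, which is why joining the two halves of 10.100.1.0/24 needs an Ethernet-level link rather than another routed tunnel.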