[COFF] [TUHS] RetroNet… Virtual is cheap.

Grant Taylor gtaylor at tnetconsulting.net
Sun Sep 2 12:00:44 AEST 2018


On 09/01/2018 04:20 PM, Peter Jeremy wrote:
> My approach is a script on the client system (that has dynamic address) 
> that compares its external address with its address in DNS.  If they 
> differ, it sends an update to the DNS server.  The script is hooked into 
> dhclient so it's invoked when the address is updated or renewed.

That sounds like a very reasonable method to manage Dynamic DNS for a 
DHCP client.

That's not quite what I was thinking of.  ;-)

First:  I'm assuming that the VPS in question has two public IP 
addresses.  (It may be possible to do this with one, but the routing 
gets quite a bit more complex.)

Second:  Establish a VPN / tunnel between a client machine and the VPS.

Third:  Enable Proxy ARP on the VPS for the second (unused & unbound to 
the VPS) IP.

Fourth:  Add a route to said second (unused & unbound to the VPS) IP via 
the far side of the VPN / tunnel.

Fifth:  Bind the second (unused & unbound to the VPS) IP on the local 
VPN / tunnel client.

Hypothetically this will get the second (unused & unbound to the VPS) IP 
such that it can be bound and used by a local client.  Thus the local 
client will have the globally routed IP address extended to it from the VPS.

> The "DNS server" is a hack I've added to Iodine[1] - for an "A" lookup, 
> it does a readlink(2) of the FQDN in a config directory and treats the 
> target as an IPv4 address[2].  This FQDN is within a subdomain I've 
> delegated to Iodine - I have a CNAME pointing into the subdomain. The 
> client updates the symlink by SSHing to the DNS server host and running 
> a command that takes the domain name and address and updates the symlink.

Intriguing.  I'll have to check out Iodine.  Thank you for the information.

> Whilst I've managed to get a static address at home, I still find it 
> useful for VPSs where the address is static whilst the instance is 
> running but not preserved across rebuilds.

Indeed.

> As an example, lookup gce1.rulingia.com.
> 
> [1] http://code.kryo.se/iodine/
> [2] This is good enough because Australian ISPs don't believe in IPv6

I'll have to check out what you're suggesting.



-- 
Grant. . . .
unix || die
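
The third to fifth steps in the message above, as an added example that is not part of the original post. It assumes Linux with iproute2 on both ends and a tunnel that is already up; the address 192.0.2.10 (a documentation range), the interface names and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs) the commands for steps 3-5.
# Assumed: Linux + iproute2, tunnel from step 2 already established.
SECOND_IP=${SECOND_IP:-192.0.2.10}    # second public IP, not bound on the VPS
VPS_WAN_IF=${VPS_WAN_IF:-eth0}        # VPS interface facing the provider
VPS_TUN_IF=${VPS_TUN_IF:-tun0}        # VPS end of the tunnel
CLIENT_TUN_IF=${CLIENT_TUN_IF:-tun0}  # client end of the tunnel

# Accept only a dotted-quad IPv4 address, so nothing else reaches ip(8).
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Dry run by default: echo the command instead of executing it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

vps_steps() {
    valid_ipv4 "$SECOND_IP" || { echo "bad SECOND_IP: $SECOND_IP" >&2; return 1; }
    # The VPS must forward packets between the provider side and the tunnel.
    run sysctl -w net.ipv4.ip_forward=1
    # Third: answer ARP for this one address only, rather than enabling
    # proxy ARP for everything reachable through the VPS.
    run ip neigh add proxy "$SECOND_IP" dev "$VPS_WAN_IF"
    # Fourth: host route for the address through the tunnel.
    run ip route add "$SECOND_IP/32" dev "$VPS_TUN_IF"
}

client_steps() {
    valid_ipv4 "$SECOND_IP" || { echo "bad SECOND_IP: $SECOND_IP" >&2; return 1; }
    # Fifth: bind the address on the client's tunnel interface.
    run ip addr add "$SECOND_IP/32" dev "$CLIENT_TUN_IF"
}

# Usage: script.sh vps | script.sh client  (APPLY=1 to execute as root)
case ${1:-} in vps) vps_steps ;; client) client_steps ;; esac
```

Replies sourced from the extended address also have to leave the client through the tunnel, which typically needs a source-based routing rule there; the steps in the message do not cover that.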
