I got a response back from Tobias Volk (the PeerVPN author). He changed the bullet on the main web page to help clarify that there is no automatic tunnel through firewalls.

Text was:
  *Automatically builds tunnels through firewalls and NATs without any further setup (for example, port forwarding).*

Text changed to:
  *No NAT reconfiguration necessary, only one node with a public address is required*

On Tue, Sep 20, 2016 at 9:10 AM, brian mullan <[email protected]> wrote:
> Serge,
>
>> *> Automatically builds tunnels through firewalls and NATs without any
>> further setup (for example, port forwarding).*
>> I would not appreciate something which "automatically" (whatever it
>> means) traverses my firewalls, to be honest. We should treat our data
>> seriously, Brian.
>
> First, a sysadmin person has to install/setup/configure PeerVPN on each
> server, so I guess, like installing/configuring TINC or any other VPN
> solution, there is some assumption of some sort of "trust" in that person's
> work.
>
> Second, in PeerVPN's configuration file
> <https://github.com/peervpn/peervpn/blob/master/peervpn.conf> on each
> server you (re the sysadmin) have to specify 2 security related items:
>
> PORT xxxxx # the Port to be opened/used by PeerVPN
>
> But you point out a good question regarding that bullet by the author on
> the PeerVPN web page. Tobias Volk may be referring to something else, as
> *it CLEARLY states in the short PeerVPN tutorial <https://peervpn.net/tutorial/>
> you MUST port-forward the "port" configured for PeerVPN to use if Nodes
> are behind a NAT.*
>
> *I know PeerVPN doesn't work if you have not done that, from my own use:*
>
> *Configuration of node A*
>
>> Create the peervpn.conf of Node A with the following content:
>>
>>   port 7000
>>   networkname ExampleNet
>>   psk mysecretpassword
>>   enabletunneling yes
>>   interface peervpn0
>>   ifconfig4 10.8.0.1/24
>>
>> This will open UDP port 7000 and create a virtual ethernet interface with
>> the name peervpn0 and the IP address 10.8.0.1.
>>
>> Please note that Node A needs to be directly reachable from Node B.
>> *If Node A is behind a NAT device, you will have to forward port 7000.*
>
> *Configuration of node B*
>
>> Create the peervpn.conf of Node B with the following content:
>>
>>   port 7000
>>   networkname ExampleNet
>>   psk mysecretpassword
>>   enabletunneling yes
>>   interface peervpn0
>>   ifconfig4 10.8.0.2/24
>>   initpeers node-a.example.com 7000
>>
>> Replace node-a.example.com with the real address of Node A.
>
> Further there is the shared PSK crypto key generation that also limits
> connections to "peers" sharing the "same" PSK "seed" in the configuration
> file.
>
> In a PeerVPN mesh different servers/hosts can have multiple PSK "seeds"
> configured to allow any 1 host to "peer" with different specific systems in
> the "mesh" who have a matching PSK "seed" configured.
>
> I can email Tobias and ask for clarification as to what "bullet" means.
>
> Brian
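The two deployment points the thread turns on (the public node must have its UDP port reachable, and peers authenticate only through the shared PSK) can be checked before a node is started. The script below is an added example written for this page, not PeerVPN code: it parses a peervpn.conf in the `key value` form shown in the tutorial excerpt and flags a node that has no `initpeers` (so other nodes must reach it inbound and port forwarding applies if it sits behind NAT), a PSK that is still the tutorial placeholder, and a few shape errors. Case-insensitive keys, `#` comments and the 16-character PSK threshold are assumptions of the example, not documented PeerVPN behaviour; the two sample configs are the tutorial ones quoted above.

```python
"""Lint a peervpn.conf for the two deployment points raised in the thread.

Added example, not part of PeerVPN. Assumes the `key value` line format
from the tutorial; treats keys case-insensitively and `#` as a comment
start (both assumptions of this example).
"""

# Secret published in the tutorial; a node still carrying it is using a
# value anyone can look up.
TUTORIAL_PSK = "mysecretpassword"

# Constructed sample input: the two node configs quoted in the thread.
NODE_A_CONF = """\
port 7000
networkname ExampleNet
psk mysecretpassword
enabletunneling yes
interface peervpn0
ifconfig4 10.8.0.1/24
"""

NODE_B_CONF = NODE_A_CONF.replace("10.8.0.1/24", "10.8.0.2/24") + \
    "initpeers node-a.example.com 7000\n"


def parse_peervpn_conf(text: str) -> dict:
    """Parse `key value` lines into a dict.

    Keys are lower-cased (assumption). `initpeers` is collected as a list
    of (host, port) tuples since it names where this node dials out to;
    any other repeated key keeps its last value.
    """
    conf = {"initpeers": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "initpeers":
            tokens = value.split()
            conf["initpeers"].extend(zip(tokens[0::2], tokens[1::2]))
        else:
            conf[key] = value
    return conf


def lint_peervpn_conf(text: str) -> list:
    """Return a list of finding strings; an empty list means nothing flagged."""
    conf = parse_peervpn_conf(text)
    findings = []

    port = conf.get("port")
    if port is None or not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append("port: missing or not a valid UDP port number")

    psk = conf.get("psk", "")
    if not psk:
        findings.append("psk: missing; peers have nothing to authenticate with")
    elif psk == TUTORIAL_PSK:
        findings.append("psk: still the tutorial placeholder 'mysecretpassword'")
    elif len(psk) < 16:   # threshold is an assumption of this example
        findings.append("psk: shorter than 16 characters")

    # A node with no initpeers never dials out, so it is the node others
    # connect to: its UDP port has to be reachable from the peers, which
    # behind NAT means forwarding that port (the tutorial's Node A case).
    if not conf["initpeers"]:
        findings.append(
            f"initpeers: none configured, so peers must reach this node "
            f"inbound on UDP {port}; forward that port if behind NAT")

    if conf.get("enabletunneling", "").lower() == "yes" and not conf.get("ifconfig4"):
        findings.append("enabletunneling yes but no ifconfig4 address set")

    return findings


if __name__ == "__main__":
    for name, conf in (("Node A", NODE_A_CONF), ("Node B", NODE_B_CONF)):
        print(name)
        for f in lint_peervpn_conf(conf) or ["no findings"]:
            print("  -", f)
```

Run as a script it prints the findings for both tutorial nodes: Node A is flagged for the inbound-reachability requirement and the placeholder PSK, Node B only for the PSK. Replacing the `psk` line with a generated secret and adding `initpeers` on the dialing side clears both.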
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
