In article <pine.neb.4.64.1402121206510.8...@screamer.whooppee.com>,
Paul Goyette <p...@whooppee.com> wrote:
>In the not-too-distant future, I'll be moving overseas, to a location where
>fixed IPv4 network addresses are unavailable (or at least, they will be
>prohibitively expensive!)
>
>I'm planning to get a virtual machine in a US location, with a single fixed
>IPv4 address. All of my other machines will be sitting behind some ISP's NAT
>device. And that ISP doesn't do IPv6.
>
>I would like to set things up so that my US-based virtual host is a backup MX
>mail server for my domain, and one of the behind-the-NAT machines would be the
>primary mail server.
>
>I can get an adequate supply of fixed IPv6 addresses from the company that
>hosts the US-based virtual machine, so I can assign addresses to the
>behind-the-NAT machines. But I would need some sort of tunnel between the
>virtual host and the rest of the machines.
>
>I know I can set this up using "ssh -w" and tun(4) devices, but the ssh man
>page seems to indicate that this is not necessarily a good solution (due to
>significant overhead?).
>
>So I'm looking for other options. My primary requirements are fairly simple:
>
>* the tunnel needs to be established regardless of the address/port being used
>on the behind-the-NAT end
>
>* the tunnel establishment must be authenticated in some manner, so that only
>my systems can connect
>
>* the outer (encapsulating) protocol must be IPv4, while the inner
>(encapsulated) protocol must be IPv6
>
>* it would also be highly desired that the tunnel establishment occur
>automatically, and with automatic retry if the connection drops
>
>Any suggestions on something simple?

Not too simple, but I use L2TP via the pkgsrc xl2tpd.

christos