Good day.

There are about ten servers. Each server can have up to 255 subscribers. The servers are joined in a common network, but several of them connect through a single server, i.e. one server sees another only via a third. Protecting the connection is not important; there may be no protection at all.

I need to create a network between subscribers and servers so that one subscriber can ping another. All IP addresses are static.

My idea was to bring up a VPN network on the servers, register each server's neighbours on it, and connect each subscriber to its server. The choice fell on OpenVPN; registering neighbours on the server was possible, but its client addressing does not allow connecting 255 users (addresses there come in pairs: [1,2], [5,6]).

After that I chose l2tpd; there you can set up a server with 255 subscribers (192.168.0.1, 192.168.0.2, 192.168.0.3, etc.), but I cannot find how to connect the neighbouring servers with their networks.

Ideally, one server would have the network 192.168.0.0/24, the second 192.168.1.0/24, the third 192.168.2.0/24, etc. The VPN addressing must not overlap with the IP addressing, i.e. if I try to ping 192.168.1.2 from 192.168.0.1 and select the tun0 interface (for example), I ping over the VPN, and if I choose the eth0 interface, then over the normal network.

Is there a ready-made implementation of such an idea? Preferably open source.

  • And what OS are you doing this on? A VPN between the servers is optional; you can use an ipip tunnel, for example. Although the servers can be connected in any way, the main thing afterwards is to explicitly set up routes to the client subnets via the established tunnels. - Mike
  • @Mike Linux. So on each server a route will have to be registered for every other server? I assumed that if we use VPN technology, we use it everywhere. Is it possible to use something like OSPF so that the routes rebuild themselves if connectivity is lost? - kostap
  • Yes, install quagga; to it the tunnels are no different from any other interfaces, so OSPF will work over them. It will also distribute all the routes across the servers itself, so they won't have to be written everywhere manually. True, if the clients also connect via VPN, the routing tables will be large: quagga will most likely want to distribute a path to each client separately across the network. I think this can be avoided, but I can't suggest how; I am not familiar with the OSPF settings. - Mike
  • @Mike I didn't quite understand how it would work and which VPN I should choose. Suppose I choose L2TP, specifically l2tpd, and install it on one server (192.168.0.1). I connect subscribers to this server (192.168.0.2, 192.168.0.3, etc.). I do the same with the second server (192.168.1.1) and its subscribers (192.168.1.3). The servers see each other directly. If I run OSPF on all interfaces, my VPN network will collide with the IP network. If OSPF runs only on the VPN interfaces, then how do the servers learn about each other? - kostap
  • If ipip is layered on top of this as well, does that mean a tunnel has to be opened for every server-to-server connection? I just don't really understand how this combination will work. - kostap

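Below is an added example, not code from the question or the comments, of the layout Mike sketches in the thread: an ipip tunnel between every pair of directly connected servers, and explicit routes to each server's client /24 through those tunnels, including the transit case from the question where one server reaches another only through a third. The server names, the public addresses, the 10.255.0.0/16 range for tunnel endpoints and the tun_X interface names are hypothetical choices; the script only computes and prints the ip(8) commands for each server, it does not execute them.

```python
"""Plan the ipip tunnel mesh and static routes described in the thread.

Added example, not code from the question or comments. Hypothetical values:
- each server has a static public address on eth0 and owns one 192.168.N.0/24
  for its VPN subscribers;
- every directly connected server pair gets a Linux ipip tunnel, and each
  tunnel gets its own /30 out of 10.255.0.0/16, a range picked so that it
  collides with neither the client /24s nor the public network;
- a server that is not a direct neighbour is reached through the tunnel to the
  first hop on the shortest path ("one server sees another only via a third").
The script prints the commands only; applying them needs root on each server.
"""
from collections import deque
from ipaddress import ip_network

# Constructed topology: A and C are not linked directly, only through B.
SERVERS = {
    "A": {"public": "198.51.100.1", "clients": "192.168.0.0/24"},
    "B": {"public": "198.51.100.2", "clients": "192.168.1.0/24"},
    "C": {"public": "198.51.100.3", "clients": "192.168.2.0/24"},
}
LINKS = [("A", "B"), ("B", "C")]


def tunnel_addresses(links):
    """Assign each link a /30 from 10.255.0.0/16: {(a, b): (addr_a, addr_b)}."""
    pool = ip_network("10.255.0.0/16").subnets(new_prefix=30)
    result = {}
    for a, b in links:
        first, second = list(next(pool).hosts())
        result[(a, b)] = (str(first), str(second))
    return result


def adjacency(links, servers=SERVERS):
    adj = {name: [] for name in servers}
    for a, b in links:
        adj[a].append(b)
        adj[b].append(a)
    return adj


def first_hops(src, links, servers=SERVERS):
    """BFS from src: {dst: neighbour of src that is the first hop towards dst}.
    This is the calculation OSPF (quagga) would do and keep current for us."""
    adj = adjacency(links, servers)
    hop, queue, seen = {}, deque([src]), {src}
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt in seen:
                continue
            seen.add(nxt)
            hop[nxt] = nxt if cur == src else hop[cur]
            queue.append(nxt)
    return hop


def link_ends(srv, peer, addrs):
    """(local tunnel addr, remote tunnel addr) for the link between srv and peer."""
    for (a, b), (addr_a, addr_b) in addrs.items():
        if (a, b) == (srv, peer):
            return addr_a, addr_b
        if (a, b) == (peer, srv):
            return addr_b, addr_a
    raise ValueError(f"no direct link between {srv} and {peer}")


def plan(srv, servers=SERVERS, links=LINKS):
    """Return (routes, commands) for one server.
    routes:   {client_subnet: (first_hop_server, next_hop_tunnel_ip)}
    commands: the ip(8)/sysctl lines that bring tunnels and routes up on srv."""
    addrs = tunnel_addresses(links)
    # Transit servers must forward between tunnels, so enable it everywhere.
    cmds = ["sysctl -w net.ipv4.ip_forward=1"]
    for peer in adjacency(links, servers)[srv]:
        local, _ = link_ends(srv, peer, addrs)
        dev = f"tun_{peer}"
        cmds += [
            f"ip tunnel add {dev} mode ipip local {servers[srv]['public']} "
            f"remote {servers[peer]['public']}",
            f"ip addr add {local}/30 dev {dev}",
            f"ip link set {dev} up",
        ]
    routes = {}
    for dst, hop in first_hops(srv, links, servers).items():
        _, remote = link_ends(srv, hop, addrs)
        routes[servers[dst]["clients"]] = (hop, remote)
        cmds.append(f"ip route add {servers[dst]['clients']} via {remote} dev tun_{hop}")
    return routes, cmds


if __name__ == "__main__":
    for name in SERVERS:
        print(f"# --- {name} ({SERVERS[name]['public']}) ---")
        for line in plan(name)[1]:
            print(line)
```

Run it and paste each server's block into a root shell on that server; ipip carries the traffic unencrypted, which matches the "protection is not important" requirement in the question. The 192.168.N.0/24 prefixes are only ever routed into the tunnels, so they cannot collide with the public addressing on eth0 as long as that range is not also used on the physical network. Note that on A the route to C's subnet points at the tunnel to B: that is the manual transit route which must be kept in sync by hand, and first_hops() is exactly the piece that OSPF in quagga would take over and recompute when a link drops. If you go that way, the approach I would take is to enable OSPF only on the tunnel interfaces (one `network 10.255.0.X/30 area 0` statement per tunnel in ospfd.conf) and to inject each server's whole /24 as a single prefix, rather than using `redistribute connected`, which on an L2TP server would pick up one /32 per connected client and produce exactly the large tables Mike warns about.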