Linode Forum

[wipeout]

Hi,

I want to setup a pptp connection from my DSL router to my Linode.. This is so the Linode can access a server on my LAN to collect an image when requested..

Obviously I will need to use private IP's for the pptp setup.. I know Linode allow you to run private IP's between Linodes so I don't want to go ahead and setup anything I like and conflict with something on their network..

Do I need to get a private IP allocated to my Linode or does it not matter what private IP ranges I use for the PPTP setup?

Thanks.

[hoopycat]

If it's not going to be routed through a network outside of your control, it doesn't need to be coordinated with anyone else. If you're using IPv4, it would be a good idea to keep it within RFC 1918 space (excluding 192.168.128.0/17, which is the range Linode assigns for intra-datacenter communications). Aside from that, have fun!

[wipeout]

Thanks hoopycat..

Will definitely be within the RFC 1918 space.. Just didn't want it to conflict with anything else happening on the network because it seems I have to bind the address to the network interface for it to work with PPTP..

Anyway, let the fun begin.. :)

[glg]

wipeout wrote: Thanks hoopycat..

Will definitely be within the RFC 1918 space.. Just didn't want it to conflict with anything else happening on the network because it seems I have to bind the address to the network interface for it to work with PPTP..

Anyway, let the fun begin.. :)

Don't you bind the 1918 address to a virtual interface and not eth0?

[wipeout]

glg wrote:
Don't you bind the 1918 address to a virtual interface and not eth0?

Don't know, haven't attempted it yet but if you have any input on making it work I am all ears.. :)

I have a LAN network (192.168.2.0) and a server on 192.168.2.2.. I have a Draytek Router that will allow me to create a PPTP VPN connection to my Linode once a PPTP server is setup..

My theory is to create a VPN network, lets say 192.168.200.0, and then have a script run on the Linode to access 192.168.2.2..

I may have to setup some static routing etc. but in theory it should work if I can get the PPTP connection established and passing traffic correctly..

[Abzstrak]

why use a vpn? just rsync the file(s) or scp or the like.... much simpler, and still very secure.

[wipeout]

Abzstrak wrote: why use a vpn? just rsync the file(s) or scp or the like.... much simpler, and still very secure.

The server is a CCTV box so I need to collect the latest image file from the camera on request and refresh it every 30 seconds while its being viewed.. So I need direct access from the web server to the CCTV server..

[Abzstrak]

I don't understand why that precludes you from using rsync or scp via a script.

I just seems much easier to me to write a script to copy the file and schedule it to run at whatever time frame you need.

[wipeout]

Abzstrak wrote: I don't understand why that precludes you from using rsync or scp via a script.

I just seems much easier to me to write a script to copy the file and schedule it to run at whatever time frame you need.

Because the script would have to run every 30 seconds, uploading the image to the web server 2880 times a day..

Accessing it directly on request would mean transferring the image about 250 times a day on average when its requested by site users.. Meaning the facility would consume less than 10% of the bandwidth..

[Abzstrak]

I just assumed you would run an scp or rsync on request as well.

also, just so you know, this all has nothing to do with a private IP. The private IP's are for intra-linode communications in case you have more than one.

[wipeout]

Abzstrak wrote: I just assumed you would run an scp or rsync on request as well.

also, just so you know, this all has nothing to do with a private IP. The private IP's are for intra-linode communications in case you have more than one.

Ok.. I see what you are saying.. :)

Unfortunately the CCTV server doesn't support SCP or Rsync.. It just provides images on a HTTP path..

[bryantrv]

Maybe I'm missing something, but I thought a private ip was not routable to the outside world, and any ip that can be accessed from the interwebs is, by definition, publicly accessible.

[db3l]

bryantrv wrote: Maybe I'm missing something, but I thought a private ip was not routable to the outside world, and any ip that can be accessed from the interwebs is, by definition, publicly accessible.
Thus the concept of a VPN - in this case the "private" device is not, in fact, accessible from outside the VPN.

In other words, the two endpoints of the VPN are directly connected by a virtual "wire", just as if they were directly connected as on a home or office network. Thus, they are then free to agree to use any addressing scheme, including private address space. While the VPN endpoints themselves will have to have a public address so the tunnel can make it across the public network, the traffic that traverses the VPN and the devices accessed on either side do not.

To the OP there's really no restriction on your address choices. And nothing to request, just configure whatever you like, on the devices that need to communicate.

If you are using private interfaces on your Linode, I believe they all come out of the 192.168/17 space, so you could either just select a non-overlapping portion of that space, or shift to 172.16/12 or 10/8 instead. (Technically you can really use any address that won't need to be otherwise accessible to the devices involved)

I'm assuming you've selected PPTP due to known support on whatever equipment you are using, but if you aren't wedded to it, you might also take a peek at OpenVPN.

To the question of periodic scp/rsync or whatever, for me, there comes a point, depending on the activities and protocols involved, where it's just so much easier to establish a proper network between two devices and not try to shoe-horn all activities through a single ssh-based pipe. Not that the latter isn't useful in all sorts of other cases.

-- David

[wipeout]

[quote="db3l"]
To the OP there's really no restriction on your address choices. And nothing to request, just configure whatever you like, on the devices that need to communicate.

If you are using private interfaces on your Linode, I believe they all come out of the 192.168/17 space, so you could either just select a non-overlapping portion of that space, or shift to 172.16/12 or 10/8 instead. (Technically you can really use any address that won't need to be otherwise accessible to the devices involved)
Quote:
Thanks for the clarification.

[quote="db3l"]
I'm assuming you've selected PPTP due to known support on whatever equipment you are using, but if you aren't wedded to it, you might also take a peek at OpenVPN.

Correct, the router at the site in question has built in PPTP support.. I know its not the most secure VPN in the world but its very easy to setup and get working (based on previous experiences with it, although this is a completely different setup).. The router supports IPsec and L2TP as well but these seem too complicated to setup for my simple needs..