Difference between revisions of "Network/Server VPN"

From Makers Local 256
(Add some vague and bad documentation about the server VPN.)
 
(update for current status)
 
Line 1: Line 1:
The Server VPN range (10.56.5.0/24) is used for point-to-point links between the shop and servers that aren't at the shop (such as remote2.makerslocal.org).
+
We're currently running a TailScale VPN with management attached to the Makers Local 256 GitHub group as a much more manageable upgrade from the old finicky IPSEC VPN. This currently exposes the 10.56.* address space to the VPN as routable and clients run on the EdgeRouter Lite itself and the remote web host which is now hosted on Hunter's community ESXi install.
 
+
Sometimes we also just use IPsec to encrypt the 10.x traffic between the remote server's public address and the on-prem stuff. In this configuration, the edgerouter seems to love to add extraneous routes that you have to delete. Example:
+
 
+
ip route del 206.198.230.76 dev br0  scope link  src 24.96.165.230
+
 
+
To ensure this happens if the VPN restarts, I add that "ip route del" line into root's crontab on the router, to run every few minutes. Terrible solution but it'll work for now.
+
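Review bot: The Tailscale paragraph does not say what happened to the workaround described in the IPsec text, where an "ip route del" line runs from root's crontab on the router every few minutes. Since the page now calls the IPsec VPN "old", please add a sentence stating whether IPsec is fully retired and whether that crontab entry was removed. A leftover job that silently deletes a route is hard to trace later. The paragraph also widens the documented scope from the 10.56.5.0/24 server range to all of 10.56.* being routable over the VPN, so it would help to say which of the two clients advertises that space and whether the 10.56.5.0/24 range is still in use.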

Latest revision as of 11:30, 24 October 2022

We're currently running a Tailscale VPN, with management attached to the Makers Local 256 GitHub group, as a much more manageable upgrade from the old, finicky IPsec VPN. This currently exposes the 10.56.* address space to the VPN as routable. Clients run on the EdgeRouter Lite itself and on the remote web host, which is now hosted on Hunter's community ESXi install.