Building an anycast VPN

From 31C3_Public_Wiki

Description Discussion session about building an anycast-based VPN service on the Internet, for resilience, scalability, and fun.
Website(s)
Type Discussion
Kids session No
Keyword(s) software, network, security
Tags vpn, anycast, diyisp
Processing assembly DIYISP
Person organizing Zorun
Language en - English

Starts at 2014/12/28 17:00
Ends at 2014/12/28 17:45
Duration 45 minutes
Location Hall 13

Organisation

Warning: the time and location have changed. The session is now in Hall 13 at 17:00 on day 2 (it was initially planned at the DIYISP assembly at 17:15).

Description

A VPN is a cheap way of bringing your network just about anywhere: you can route part of your IP space to any machine connected to the Internet. We assume that VPN clients are reachable from the Internet, and can reach it, through the VPN.

However, all VPN clients are dependent on the VPN server: if it crashes, clients are no longer reachable from the Internet.

An interesting idea is to have multiple VPN servers, each one announcing the same IP space to the rest of the Internet (anycast). Then, using a P2P VPN (such as Tinc, fastd, anytun, etc.), it should be possible to use all of these VPN servers as gateways to and from the Internet, providing fault tolerance.

This session is an informal discussion about setting up such a VPN, which DIY-ISPs or other entities would be interested, and what we could do with it once it's set up.

After the congress

There was a pad for the session: https://pad.ilico.org/p/anycast-vpn-31c3

There is also a mailing list, feel free to subscribe: https://lists.ffdn.org/wws/info/anycast-vpn

Don't hesitate to drop by the La Quadra'teahouse or another DIYISP event to discuss the project further.