Building an anycast VPN
Description | Discussion session about building an anycast-based VPN service on the Internet, for resilience, scalability, and fun. |
---|---|
Website(s) | |
Type | Discussion |
Kids session | No |
Keyword(s) | software, network, security |
Tags | vpn, anycast, diyisp |
Processing assembly | DIYISP |
Person organizing | Zorun |
Language | en - English |
Other sessions... |
Starts at | 2014/12/28 17:00 |
---|---|
Ends at | 2014/12/28 17:45 |
Duration | 45 minutes |
Location | Hall 13 |
Organisation
Warning: the time and location has changed, it's now in Hall 13 at 17:00, day 2 (it was initially planned at the DIYISP assembly at 17:15)
Description
VPN is a cheap way of bringing your network just about anywhere, so that you can route part of your IP space to any machine connected to the Internet. We make the assumptions that VPN clients are reachable to and from the Internet through the VPN.
However, all VPN clients are dependent on the VPN server: if it crashes, clients are no longer reachable from the Internet.
An interesting idea is to have multiple VPN servers, each one announcing the same IP space to the rest of the Internet (anycast). Then, using a P2P VPN (such as Tinc, fastd, anytun, etc), it should be possible to use all of these VPN servers as gateways to and from the Internet, providing fault tolerance.
This session is an informal discussion about setting up such a VPN, what DIY-ISPs/entities would be interested, and what we could do with it once it's set up.
After the congress
There was a pad for the session: https://pad.ilico.org/p/anycast-vpn-31c3
There is also a mailing list, feel free to subscribe: https://lists.ffdn.org/wws/info/anycast-vpn
Don't hesitate to drop by the La Quadra'teahouse or at another event of DIYISP, to discuss the project further.