Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am running a brand new WISP (Wireless Internet Service Provider), and I need to be able to remotely administer access points behind the NAS on my various hotspots. Each hotspot is running coovachilli, and the APs have static private IPs. Each hotspot has a different private subnet beginning with 192.168. Each NAS has a static IP from our ISP. Here is a picture of what I need to do:
While I can reliably connect over the WAN to Y.Y.Y.Y and administer that server via web or ssh, I need to be able to administer the static private IPs (the radio devices) on 192.168.2.0 from the 192.168.1.0 LAN via my web browser (this is due to the nature of the firmware on the devices), as well as being able to bring all of my SNMP under one "roof".
SPECIFIC QUESTION: How can I define the routing on NAS X... and NAS Y... to allow me to simply web or ssh or whatever 192.168.2.x from the 192.168.1.x side? NAT? VPN? PPTP? Which would be the best solution?
Yes, a VPN would work for about 90% of what I need done. However, I have a RADIUS server running on one of the subnets and am not sure how much a VPN might slow down the AAA process. Any other suggestions?
Why would a VPN slow it down? Physical geography and public routing would have a vastly larger effect, especially as a radius conversation would literally just be 2 udp packets.
A VPN will not slow it down, reason being that without a VPN it won't work at all! The Internet does not contain routes for 192.168.x.x networks so the only possible way you will be able to connect is to establish some sort of tunneling. Which is effectively a VPN.
no, you're asking for other suggestions, as if you think you know it will slow things down when it won't. a VPN is the most rightest way to do this.
Geez, Chris. Either you fancy yourself a mind reader, or you need some time off.
I have no good idea as to how to approach this connection, largely due to my lack of recent experience in this aspect of networking. I know next-to-nothing about RADIUS or UAM. Therefore, seems reasonable to ask about the speed issue and to also request other suggestions.
I thought my ignorance was apparent by the original post.
A VPN will not slow it down, reason being that without a VPN it won't work at all! The Internet does not contain routes for 192.168.x.x networks so the only possible way you will be able to connect is to establish some sort of tunneling. Which is effectively a VPN.
Thanks, baldy. I too am hairless. Looks like the consensus here is to setup a VPN and then (in my case) pray.
Yup, still what I would think of as a VPN, although as you point out its technically not "private" as its unencrypted. You may have trouble getting GRE over your ISPs network though. An IPinIP tunnel is more likely to work in my experience.
There is no reason why RADIUS will not work over a VPN and the added latency due to encryption is going to be negligible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.