Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Tornevall Networks RaspTunnel is an experimental project where we're adding micro servers into a DMZ-controlled environment. Main purpose is ipv6 GRE-tunneling with the help from your primary router, which should be configured to route traffic to a DMZ-address, where this micro server, known as Raspberry pi, are the tunnel gateway.

The tunnel project primary target is has a primary goal: To configure ipv6 tunnels, where they are normally not reachable , or has a very weak configuration(ISP's that for example have no idea of what they are doing), or where the ip range is weakly configured without proper reverse PTR's.

How does it work?

An installer injects required data into a raspberry pi, which is configured with a static ip address matching the network that needs it. It should be installed at the same ip range as your DHCP server and your incoming gateway shoud be configured with a DMZ-pointer to this machine.

...

This is a infrastructure issue, so the primary location of the ongoing project issue is located here:

Jira
serverTornevall Networks
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverIdef1f2374-e58a-319f-9d38-10348dbac859
keyINFRA-15

Usage

Basically, everything is going to be handled through the pi. There are however an interface that automatically reconfigures the local tunnel ip address in case that is changing. The link looks like this:

https://api.tornevall.net/2.0/vpn/update/auth/<tunnelUserName>/key/<tunnelUserKey>/ip/<ipAddress>

Configuring the tunnel may be done manually with regular commands:

Code Block
languagebash
titleip tunnel manually
ip tunnel add <name> mode gre remote <addr>
ip addr <prefix> dev <name>

On the preinstalled raspberry pi there is however scripts that is making thing for you in /usr/local/sbin

ScriptWhat it does
/usr/local/sbin/pi-tunnel.runContains the current remote address required on connection and the current prefix.
It actually runs pi-tunnel.sh in the same path
/usr/local/sbin/pi-tunnel.sh

Automatically configures a tunnel based on the data entered at pi-tunnel.run, so this goes with two parameters:

<remote-connection-address> <your-prefix>