From: Michael Orlitzky
Date: Wed, 22 May 2013 15:44:17 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] VPN vs LAN address hostname resolution

On 05/22/13 15:35, Samuraiii wrote:
> The only result I got was a script which every 5 minutes checked all
> possible addresses of given machine (my "network" is not big at all -
> only eight machines and one network printer). So checking around 20
> addresses is not big deal - but this approach feels clumsy and not
> scalable to bigger networks (as have other users from list to deal with).
>
> Script was just checking (by sftp with public ssh keys for unprivileged
> account) if LAN (eth or wifi) address is up and if not it just assigned
> address to hostname from vpn range (it did not account for whether the
> machine is up or down). And then it just wrote a new /etc/hosts.
> Central dns is possible only in one part of network - only one machine
> runs 24/7.

Can't this be changed? If you're running a script to update 20 hosts
files regularly, you're reinventing what DNS already does.

>
> Routers on both sides are just simple boxes which support only built-in
> dhcp.
> Central DNS and/or routed VPN does not solve problem of computer not in
> any of "known" networks.

Both would solve the problem. If the routers are the VPN gateways as
well, you could decide e.g. that a certain chunk of the VPN space
belongs to location 1, and then have the router at location 1 do the
appropriate thing (all packets travel through it, after all). This can
be done directly with some VPN software, or you can translate the
addresses on the fly with iptables.

With a DNS server at each physical location, you just have the DNS
server at location 1 return the local (location 1) address instead of
the VPN address for any hostnames physically located at location 1.
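
The per-location DNS answers described in the reply above, as an added example that is not part of the original message: one inventory is rendered into a separate hosts-format view for each site, so local names resolve to LAN addresses and everything else to VPN addresses. The site names, networks, hostnames, addresses and function names are all constructed assumptions.

```python
import ipaddress

# Constructed inventory: sites, networks, names and addresses are assumptions.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
SITE_LANS = {
    "loc1": ipaddress.ip_network("192.168.1.0/24"),
    "loc2": ipaddress.ip_network("192.168.2.0/24"),
}
HOSTS = [
    # (hostname, home site, LAN address, VPN address)
    ("alpha",   "loc1", "192.168.1.10", "10.8.0.10"),
    ("printer", "loc1", "192.168.1.50", None),         # LAN-only device
    ("bravo",   "loc2", "192.168.2.10", "10.8.0.20"),
    ("laptop",  None,   None,           "10.8.0.30"),  # roaming, VPN only
]

def validate(hosts):
    """Reject addresses outside their declared network and reused addresses."""
    seen = {}
    for name, site, lan, vpn in hosts:
        if lan is not None:
            if site not in SITE_LANS:
                raise ValueError(f"{name}: LAN address given without a known site")
            if ipaddress.ip_address(lan) not in SITE_LANS[site]:
                raise ValueError(f"{name}: {lan} is not in the {site} LAN")
        if vpn is not None and ipaddress.ip_address(vpn) not in VPN_NET:
            raise ValueError(f"{name}: {vpn} is not in the VPN range")
        for addr in (lan, vpn):
            if addr is not None and seen.setdefault(addr, name) != name:
                raise ValueError(f"{addr} assigned to both {seen[addr]} and {name}")

def view_for(site, hosts=HOSTS):
    """Map hostname -> address as the DNS server at `site` should answer."""
    validate(hosts)
    view = {}
    for name, home, lan, vpn in hosts:
        # Hosts at this site resolve to their LAN address, all others to VPN.
        addr = lan if (home == site and lan) else vpn
        if addr is not None:  # a remote LAN-only device is left out of the view
            view[name] = addr
    return view

def hosts_file(site, hosts=HOSTS):
    """Render the view in /etc/hosts format for the resolver at `site`."""
    return "".join(f"{a}\t{n}\n" for n, a in sorted(view_for(site, hosts).items()))

if __name__ == "__main__":
    for s in SITE_LANS:
        print(f"# view served at {s}\n{hosts_file(s)}")
```

Each site's resolver loads only its own rendered file, so clients keep using one hostname wherever they are.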