User Tools

Site Tools


alternative_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
alternative_access [2025/01/04 14:08] bentalternative_access [2025/09/10 15:50] (current) – [Physical Inplementation] bent
Line 7: Line 7:
 But, but, but. There is always the chance that the fiber is cut, e.g. when somebody starts digging without having obtained proper information on what already may be buried in the ground (power cables, antenna cables, telephone cables , water piping, sewage piping, you name it) But, but, but. There is always the chance that the fiber is cut, e.g. when somebody starts digging without having obtained proper information on what already may be buried in the ground (power cables, antenna cables, telephone cables , water piping, sewage piping, you name it)
  
-So the idea of having another way of connecting to the internet arose. This note describes how this alternative Internet access way is constructed.+So the idea arose of having another way of connecting to the internet in case the fiber connection for whatever reason stopped functioning. This allows for at least two things: 
 +  * It allows connecting to the Internet from the LAN for browsing, email etc. The details on how this is done in practice are [[redundancy|Redundancy]] 
 +  * By itself it doesn't allow for incoming connection to publicly accessible server on the LAN. But since we are two persons working on this from different locations it became evident that an alternative was possible: By establishing a tunnel between our sites we could make it possible to access our own servers by connecting to the other's LAN using special addresses. The 'other' LAN could then route the connection back through the tunnel to the desired destination. Of course this scheme would break down if both sites lost their fiber connection simultaneously. 
 + 
 +This note describes how this alternative Internet access way is constructed.
  
 ===== Physical Inplementation ===== ===== Physical Inplementation =====
 +
 +The access device used is an USB stick (dongle), in casu a Huawei E3372 LTE modem. A SIM card from [[https://www.oister.dk/|Oister]] completes the setup.
 +
 +A good question is: where to place the dongle: In the primary (fiber) router or in a separate router dedicated to the purpose. The answer in this situation was a separate router because having two distinct router gives an extra degree of redundancy.
 +
 +The alternative router is a RaspberryPi 3B running "Raspbian GNU/Linux", at present at version 11 (bullseye)
 +
 +The primary router is a 3-port APU2E5 from [[https://pcengines.ch/|PCengines]] running Gentoo Linux.
 +
  
 ===== Routing ===== ===== Routing =====
  
-[[Alternate address|Alternate routed address space]]+Once decided to have two routers on the LAN you have to use a routing protocol in order to keep the routers updater on each other. The general routing protocol setup is described in [[setup:routing|Routing]] 
 + 
 +We have decided to solely use IPv6 for this function. Each of us have delegated a /64 sub-domain of our IPv6 allocation to the other. We have also set up routing tables so that connection requests to this sub-domain are routed through the tunnel back to the other.  
 + 
 +The details of the sub-allocation and the routing is described in [[Alternate address|Alternate routed address space]]
  
 ===== DNS considerations ===== ===== DNS considerations =====
 +
 +Connecting back to our servers through the tunnel does not require actions beyond what is described above. If, however, it should be necessary to use the sub-delegated addresses as source address for sending mail, further action is required.
 +
 +In order to have our sent email properly accepted by foreign mail server it is necessary to provide reverse name lookup for the mail servers. For practical reasons we decided to delegate the administration of the delegated sub-domain to the one that uses it. Details of the name space delegation is described in [[cross-allocation|IPv6 Cross allocation]]
  
alternative_access.1735999722.txt.gz · Last modified: by bent