Bent's Wiki

User Tools

Site Tools

Trace:
alternative_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
alternative_access [2025/01/04 15:37] – [Rationale] bentalternative_access [2026/05/16 16:05] (current) – [Rationale] bent
Line 8: Line 8:
  
 So the idea arose of having another way of connecting to the internet in case the fiber connection for whatever reason stopped functioning. This allows for at least two things: So the idea arose of having another way of connecting to the internet in case the fiber connection for whatever reason stopped functioning. This allows for at least two things:
-  * It allows connecting to the Internet from the LAN for browsing, email etc.  +  * It allows connecting to the Internet from the LAN for browsing, email etc. The details on how this is done in practice are [[redundancy|Redundancy]] 
-  * By itself it doesn't allow for incoming connection to publicly accessible server on the LAN. But since we are two persons working on this from different locations it became evident that an alternative was possible: By establishing a tunnel between our sites we could make it possible to access our own servers by connecting to the other's LAN using special addresses. The 'other' LAN could then route the connection back through the tunnel to the desired destination. Of course this scheme would break down if both sites lost their fiber connection simultaneously. +  * By itself it doesn't allow for incoming connection to publicly accessible server on the LAN. But since we are two persons working on this from different locations it became evident that several alternatives were possible:  
- +    - We could establish a tunnel between our sites which could make it possible to access our own servers by connecting to the other's LAN using special addresses. The 'other' LAN could then route the connection back through the tunnel to the desired destination. Of course this scheme would break down if both sites lost their fiber connection simultaneously. 
-This note describes how this alternative Internet access way is constructed.+      We could have a publicly accessible server somewhere in the Internet which each of us could make tunnels to and hence obtain the same advantages as above plus the possibility to still have access if e.g. my fiber went down **and** Steve was offline for whatever reason 
 +We have chosen to follow the second option outlined above and this note describes how this alternative Internet access way is implemented.
  
 ===== Physical Inplementation ===== ===== Physical Inplementation =====
  
-The access device used is an USB stick (dongle), in casu a Huawei E3372 LTE modem. A SIM card from [[https://www.lebara.dk/|Lebara]] completes the setup.+The access device used is an USB stick (dongle), in casu a Huawei E3372 LTE modem. A SIM card from [[https://www.oister.dk/|Oister]] completes the setup.
  
-A good question is: where to place the dongle: In the primary (fiber) router or in a separate router dedicated to the purpose. The answer in this situation became a separate router because having to distinct router gives an extra degree of redundancy.+A good question is: where to place the dongle: In the primary (fiber) router or in a separate router dedicated to the purpose. The answer in this situation was a separate router because having two distinct router gives an extra degree of redundancy.
  
 The alternative router is a RaspberryPi 3B running "Raspbian GNU/Linux", at present at version 11 (bullseye) The alternative router is a RaspberryPi 3B running "Raspbian GNU/Linux", at present at version 11 (bullseye)
Line 26: Line 27:
 ===== Routing ===== ===== Routing =====
  
-Once decided to have two routers on the LAN you have to use a routing protocol in order to keep the router updater on each other. The general routing protocol setup is described in [[setup:routing|Routing]]+Once decided to have two routers on the LAN you have to use a routing protocol in order to keep the routers updated on each other. The general routing protocol setup is described in [[setup:routing|Routing]]
  
-[[Alternate address|Alternate routed address space]]+We have decided to solely use IPv6 for this function. We have a host running at [[https://www.vultr.com/|Vultr]]. Steve has arranged for an IPv6 tunnel from [[https://tunnelbroker.net/|Hurricane Electric]] to our server at Vultr. This tunnel has a /48 IPv6 allocation. 
 + 
 +Each of us arranges a tunnel to Vultr and this tunnel gets a /56 sub-allocation. We have also set up routing tables so that connection requests to our sub-domain are routed through the tunnel to the proper site.  
 + 
 +The details of the sub-allocation and the routing is described in [[Alternate address|Alternate routed address space]]
  
 ===== DNS considerations ===== ===== DNS considerations =====
 +
 +Connecting to our servers through the tunnels does not require actions beyond what is described above. If, however, it should be necessary to use the sub-delegated addresses as source address for sending mail, further action is required.
 +
 +In order to have our sent email properly accepted by foreign mail server it is necessary to provide reverse name lookup for the mail servers. For practical reasons we decided to delegate the administration of the delegated sub-domain to the one that uses it. Details of the name space delegation is described in [[cross-allocation|IPv6 Cross allocation]]
  
alternative_access.1736005024.txt.gz · Last modified: by bent