Wireless Masochism

Hans Fugal hans at fugal.net
Tue Jul 5 14:04:27 MDT 2005


On Tue,  5 Jul 2005 at 13:56 -0600, Andrew McNabb wrote:
> On Tue, Jul 05, 2005 at 11:03:44AM -0600, Von Fugal wrote:
> > The only pain I see is routing through the VPN once set up. You could
> > either use UDP over VPN to do dhcp from the VPN server and set the route
> > that way, but then you have to be careful not to lose your route through
> > the wireless router.
> 
> You don't want to use DHCP over a VPN.  

Sometimes you do.

> The VPN software does everything you would want DHCP to do.  

You mean like dynamic DNS? If a VPN is duplicating all the behavior of a
DHCP server we have a serious violation of the "don't reinvent the
wheel" syndrome. 

> Like I said in my first email, I was extremely impressed with OpenVPN
> because issues like the one you mentioned are automatically taken care
> of.  I didn't have to go through nearly as many of the details as I
> had thought I would have to.

I think OpenVPN goes too far in DHCP-server emulation, but I admit it's
a hard line to draw. It is very nice that you don't have to set up a
DHCP server to do the basics (give me an IP address, set up routes and
nameservers). Unfortunately a side effect of this is that anytime
someone asks about using a DHCP server in an OpenVPN setup, people just
blast them with "why are you doing that, moron?" And, if you do buy into
it, you end up administering both a DHCP server and OpenVPN, and we all
know that repeating yourself is to be avoided wherever possible.

I've done it, and it's useful. Unless you're as crazy as me, though, you
probably won't feel the need. :-) But it works great (over tap, of
course, although it should work over tun if you hack up some sort of
DHCP relay thingie).

Remember the UNIX philosophy--lots of little tools that do one thing and
do it well.

-- 
 .O.  Hans Fugal            | De gustibus non disputandum est.
 ..O  http://hans.fugal.net | Debian, vim, mutt, ruby, text, gpg
 OOO                        | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95  CB5E FC98 E8CD E0AA D460
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20050705/65fb28ce/attachment.bin 


More information about the PLUG mailing list