flaccid | smoser: gearing up for debian launch :) | 03:07 |
---|---|---|
Ashtray777 | I need to create a Customer Gateway, but I don't have a router, I only have a cable modem. Any ideas? | 07:19 |
Ashtray777 | Not that I would know how to create a Customer Gateway even if I had a router. | 07:19 |
kiall | Ashtray777, a "Customer Gateway" .. what exactly is that meant to be? :) Kinda sounds like "I need to create a Web 2.0 site, but I only have Web 1.0" .. lol ;) | 07:23 |
Ashtray777 | well umm I created a VPC, and created the subnets | 07:23 |
kiall | aha .. that makes more sense now ;) | 07:24 |
Ashtray777 | now I need to create a customer gateway by specifying "BGP ASN" and an IP address | 07:24 |
Ashtray777 | and I'm totally not sure if this is possible without some type of virutalization or router simulation | 07:24 |
kiall | You need something on the "office" side that can speak BGP .. typically, a proper router (aka not a cable modem) .. but you could stick pFsense or similar between your LAN, and your cable modem .. it can do BGP for you ... | 07:25 |
kiall | Not sure if VPC requires a *valid* AS Number tho .. | 07:26 |
Ashtray777 | ok ok. If did have a standard home router (which I dont right now) would that be even better? | 07:26 |
Ashtray777 | would that speak BGP | 07:27 |
kiall | No .. No home routers dont do BGP :) | 07:27 |
kiall | wait | 07:27 |
kiall | No .. No home routers do BGP :) | 07:27 |
Ashtray777 | oh ok :) | 07:27 |
Ashtray777 | I'm looking at this pfense thing | 07:28 |
kiall | you would need a "proper" router (think Cisco ...) or something like pFsense which can do both the VPN and BGP needed for VPC | 07:28 |
Ashtray777 | So you think I can just go ahead and install this pFsense program on my machine and it will git er done? | 07:29 |
kiall | well .. not "on your machine" .. usually on some old PC since it takes over the whole PC to act as a network firewall/router ;) .. There are likely things you can just install on your PC .. but I've never looks for any | 07:31 |
Ashtray777 | oh crap. lol. I'm reading it now that its a whole OS. LOL | 07:31 |
flaccid | Ashtray777: you can't be on the internet without a router. you have a router. | 07:31 |
Ashtray777 | I just have a cable modem. That's not functionally considered the same thing as a router is it? It cant be. | 07:32 |
flaccid | true, it could be bridged directly to 1 client only. either way, you need supported hardware to run a VPC, which you don't have. | 07:33 |
Ashtray777 | oh i know. I can use virtualbox to create a pfSense Installation! | 07:33 |
Ashtray777 | ? | 07:33 |
kiall | flaccid, exactly .. pFsense can be used to do what your looking for (assuming your cable modem can run as a bridge) | 07:33 |
kiall | Ashtray777, kinda .. VPC will route the traffic from your VPC to your public IP .. and pfsense needs to running on that IP.. | 07:34 |
flaccid | kiall: i'm not looking to do anything | 07:35 |
kiall | I was just agreeing with you .. then adding more ;) | 07:36 |
Ashtray777 | So should work. Thanks guys. I'd be lost without you. | 07:36 |
flaccid | i have doubts that this would work, but good luck | 07:36 |
kiall | The simple/cheap answer is grab an old PC (200Mhz P2's will pass a good few Mb/s) and put pFsense on it .. the other way is to replace your router(/modem) with something compatible.. there are more ways .. but i'll pass on trying to explain them in IRC ;) | 07:36 |
kiall | flaccid, I've used VPC and pfSense .. it does work .. | 07:36 |
flaccid | the simple/cheap answer is to just use a routed OpenVPN. costs nothing. | 07:37 |
flaccid | kiall: doesn't mean it will work with other variables | 07:37 |
kiall | of course .. but you can say that in any situation ;) | 07:37 |
Ashtray777 | a routed OpenVPN you say. let me google that | 07:37 |
kiall | even with openVPN, dont you need something to speak BGP with aws? | 07:38 |
flaccid | with openvpn, you wouldn't need anything else | 07:40 |
Ashtray777 | openVPN habla BGP? | 07:41 |
Ashtray777 | it speaks BGP? | 07:41 |
flaccid | not sure | 07:41 |
flaccid | it doesn't need to | 07:41 |
kiall | flaccid, it doesnt need to with VPC .. or EC2? | 07:41 |
kiall | (Im asking since it could simplify things for me ;)) | 07:42 |
Ashtray777 | It says I need to enter my gateway routers BGP ASN number | 07:42 |
flaccid | a routed openvpn negates the need for BGP. | 07:42 |
kiall | Yea .. I'm 99.999% sure that Amazon VPC requires the use of BGP .. flaccid you sure you can use VPC without BGP? | 07:43 |
flaccid | i'm not talking about using vpc | 07:43 |
kiall | ah .. he is ;) and I am ;) | 07:43 |
Ashtray777 | yeah yeah my bad for not re-iterating that. | 07:44 |
flaccid | nd he doesn't have bgp and an asn. | 07:44 |
flaccid | *and | 07:44 |
kiall | ASN's over 65k-ish are free for all and usable with VPC .. no need for an "official" one | 07:45 |
kiall | anyway .. if you can get the same thing with simple OpenVPN and EC2 .. why not.. easier to setup / manage unless you have a good reason to specifically use VPC | 07:45 |
Ashtray777 | not a good reason. Just practice. I'm learning. | 07:46 |
Ashtray777 | OpenVPN sounds interesting | 07:46 |
Ashtray777 | So you say ASNs over 65k are free for all.... Does that mean I can just randomly put in any # over 65k in the ASN field? kind of a dumb question, probably 'no' | 07:47 |
kiall | yea. . anything between .. 64512 and 65534 ish are public .. but you would still need something (either a proper router .. or software like pfsense) on the client side that speaks BGP .. flaccid's method might be easier if your not familiar with the likes of BGP .. :) | 07:48 |
flaccid | yes, that was my original point. | 07:48 |
Ashtray777 | I need to get familiar with BGP cause I'm going to do CCNA | 07:49 |
flaccid | in that case Ashtray777 you should get a cisco vpn router such as a PIX | 07:49 |
kiall | Aha .. In that case ... pfsense will do what you need .. but wont be worth a thing for your CCNA since it aint cisco :) | 07:49 |
flaccid | yerp | 07:50 |
flaccid | if you wanna learn cisco console get a device with it | 07:50 |
kiall | you can get second hand cisco kit v.cheap on ebay .. well worth it if your serious about CCNA and above exams .. | 07:50 |
Ashtray777 | which one of these should i get? wow this has so much. | 07:51 |
Ashtray777 | I want to do ssl and ipsec too! | 07:51 |
Ashtray777 | http://www.amazon.com/s/?ie=UTF8&keywords=cisco+vpn+router&tag=googhydr-20&index=aps&hvadid=4112376355&ref=pd_sl_94bfgr0fzz_b | 07:51 |
* kiall glares at the pile of asa 5510's currently under my desk ;) | 07:51 | |
kiall | well .. thats all cisco's home and small business range .. | 07:51 |
flaccid | get what you can afford and make sure it is not linksys | 07:52 |
Ashtray777 | thats what I'm looking for right kiall ? | 07:52 |
flaccid | it needs to be a real cisco product | 07:52 |
kiall | well .. first ebay hit for "cisco CCNA" is http://cgi.ebay.ie/CISCO-CCNA-LAB-270-00-2620XM-2950-WIC-1T-DTE-DCE-/250722197987?pt=UK_Computing_NetworkSwitches_RL&hash=item3a603521e3#ht_3045wt_907 | 07:52 |
Ashtray777 | ok | 07:52 |
flaccid | cisco home = linksys | 07:52 |
kiall | 3x routers and 2x switches for 270 ;) .. so 1x should be cheap enough! | 07:52 |
Ashtray777 | I really only want this for VPN functionality guys because I already have GNS3 router emulator | 07:53 |
flaccid | that contradicts your point on learning cisco | 07:53 |
flaccid | which then comes back to my original response | 07:53 |
flaccid | of using openvpn. if you aint going to have the hardware then whats the point | 07:53 |
flaccid | or do pfsense as per kiall | 07:54 |
Ashtray777 | Will a $110 router create the VPN I need to do a VPC? | 07:55 |
flaccid | the cost of the router has nothing to do with requirements | 07:55 |
flaccid | will a $100 car get me to the corner store? | 07:56 |
kiall | flaccid, exactly ... for example .. here's a £35.25 router that I believe will work .. http://cgi.ebay.ie/CISCO-2611-CCNA-Router-WIC-1T-12-3-IOS-2610-Lab-/290495027881?pt=LH_DefaultDomain_3&hash=item43a2da5aa9#ht_1349wt_907 | 07:56 |
Ashtray777 | true, i was just wondering if that's the price I would expect to pay to meet those requirements | 07:56 |
flaccid | lol still searching with ccna in the product, thats hilaroius | 07:57 |
flaccid | i just use a pix 501 | 07:57 |
flaccid | done. | 07:57 |
kiall | flaccid, yea .. people sell "CCNA kits" | 07:57 |
flaccid | lame | 07:57 |
kiall | Anyway .. Ashtray777 if your going for the CCNA .. Amazon VPC isnt on the exam .. your better off getting one of those "CCNA Kits" for £250ish and having a proper "lab" to experiment with.. you'll learn a hell of a lot more... oh and .. good luck ;) | 08:06 |
Ashtray777 | I know Amazon VPC isn't on the exam =) I just like learning different technologies. Thanks for the help much appreciated. | 08:07 |
kiall | (or buy whatever pieces of kit you need individually .. makes no difference .. its all just second hand gear) | 08:07 |
flaccid | or just get a pix firewall and have the best of both worlds cheaper | 08:07 |
Ashtray777 | yeah i'm thinking about a pix | 08:08 |
kiall | true .. but a single pix will work with VPC alright, but doesnt cover all the CCNA setup's your going to run into.. | 08:08 |
Ashtray777 | I dont plan on spending any money on CCNA "kits" though. | 08:08 |
flaccid | this channel is not about getting ccna qualified :) | 08:08 |
Ashtray777 | I'm just going to have to learn in the classroom and with GNS3 | 08:08 |
flaccid | lol | 08:08 |
kiall | lol .. that works too .. use the college lab ;) | 08:08 |
flaccid | well thats what they are for | 08:09 |
flaccid | if it is sufficient | 08:09 |
Ashtray777 | u guys gave me lots of options so I'm going to need to re-read this conversation again. hehe | 08:09 |
flaccid | omg. you might want to reconsider your profession then heh | 08:09 |
flaccid | sorry that was a joke | 08:10 |
Ashtray777 | lol no worries | 08:10 |
flaccid | what you guys doing talking about hardware | 08:10 |
flaccid | cloud made me able to not go to hardware | 08:11 |
Ashtray777 | i know right | 08:11 |
flaccid | i guess we'll consider vpn routers as donuts in the cloud | 08:11 |
Ashtray777 | There's a BGP routing daemon in the Ubuntu Software Center | 08:24 |
kiall | quagga probably | 08:24 |
Ashtray777 | yeah. you know of it? | 08:25 |
kiall | Use it all the time .. but its only a small part of you need to get hooked up to VPC .. part of it being, you need your public IP to be the VPN termination point, which also needs to be running the BPG daemon (eg quagga).. so installing it on my PC probably wont help with getting it working .. at least - not without some other funky network setup | 08:26 |
Ashtray777 | thanks, I'll take your word for it | 08:28 |
Ashtray777 | no VPC until I get a real router or a box with pfsense | 08:29 |
kiall | If you can get your cable modem to pass the public IP directly to your PC (No form of NAT will not work), you can run quagga + racoon/openswan on your PC and get it going .. but most cable modems wont do that | 08:29 |
kiall | (No form of NAT will work*) | 08:29 |
kiall | Keeping using double and triple negatives for some reason .. and using them wrong at that. | 08:29 |
Ashtray777 | over my head because this entire time I thought the public IP was simply my PC IP address | 08:30 |
kiall | your public IP is what you see when you go to http://checkip.dyndns.org | 08:30 |
Ashtray777 | ok yeah, thats right. | 08:30 |
Ashtray777 | my pc ip address | 08:31 |
kiall | (aka it doesnt start with 10. / 192.168 / 172.something) | 08:31 |
Ashtray777 | yeah i'm not on a router | 08:31 |
Ashtray777 | my ip starts with 68 | 08:31 |
kiall | aha .. didnt know ISP's still gave out "true modems" that dont do any routing .. | 08:31 |
kiall | your in luck then ;) | 08:32 |
kiall | http://openfoo.org/blog/amazon_vpc_with_linux.html | 08:32 |
Ashtray777 | :) | 08:32 |
kiall | Thats a guide for quagga + raccoon .. ;) | 08:32 |
Ashtray777 | sweet! thanks!!! | 08:33 |
kiall | No idea why I didnt think of that earlier .. ah well .. its early! | 08:33 |
Ashtray777 | no matter, thanks so much | 08:33 |
Ashtray777 | I need more coffee | 08:34 |
flaccid | yes kiall thats called bridging :) | 09:38 |
flaccid | your desktop OS is the router | 09:38 |
kiall | lol .. really? .. joking aside .. I've yet to see any CPE here (Ireland) that supports it .. | 09:39 |
kiall | guess other ISPs dont disable it like ours do ;) | 09:40 |
kiall | And .. I also noticed he kept calling it a "modem" .. Im so used to hearing that word and thinking "screwed up router" ;) | 09:41 |
kiall | rather than an actual modem with no routing functionality ;) | 09:41 |
flaccid | a modem is a modem | 09:43 |
flaccid | a router is a router | 09:43 |
flaccid | an example of a commonly used modem is a wireless usb stick | 09:43 |
kiall | of course .. but when 90% of people say the word "modem" to me .. they really mean "router" ... ;) | 09:44 |
flaccid | this plugs into your windows or whatever and your OS becomes the router | 09:44 |
flaccid | i don't make those kind of assumption and i prefer to educate if they are wrong | 09:44 |
flaccid | its a good idea to clarify what they are actually using | 09:44 |
kiall | just like when family/friends ask me to fix their god damn PC's .. "sure .. bring the PC over and I'll look - I just need the PC tho, not the keyb / mouse / screen .." .. they then arrive with the monitor .. just the monitor. | 09:45 |
kiall | So yea .. I make assumptions about what people say sometimes ;) | 09:45 |
=== timwood_ is now known as timwood | ||
=== nigelb is now known as Guest81825 | ||
=== dizz is now known as dizz|away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!