On 2021-06-27 3:06 p.m., David T-G wrote:
Hi, all --
I would have called this a vpn, but after reading the recent [excellent] thread on what is or isn't vpn and what it can or can't do for one, maybe that's not the right term ...
I have multiple sites
  A.comcast.net     192.168.a.0/24
  B.att.net         192.168.b.0/24
  C.localisp.net    192.168.c.0/24
  ...
that I would like to integrate into my own WAN and be able to see devices (machines, printers, etcetc) using the Internet as my transport medium. [NB that I don't have a proper router at most of these sites; I only have what the ISP gives me.] Better yet, when I'm on the road with a laptop I'd love to be able to connect into that and be part (just like remote office work). I was thinking that a host at each location, exposed through the firewall, would act as the local gateway and I could just route traffic across ... um, well ... that's where I run out :-)
Is there any consumer-level software that will let me overlay a private network across multiple sites and encrypt the traffic between sites? And does each device in a site have two addresses (192.168.?.? and 172.16.?.?) or do I set each router's internal DHCP range to the larger network?
Where do I go to learn about this stuff? :-)
TIA again
:-D
I think you are still talking about a VPN. You can have multiple site VPNs, either with a common "hub" or just individual links between sites. With only 3 sites, that may be the way to go. You then have to set up the appropriate routing among sites. That is a bit beyond what a consumer grade router can do but is trivial for proper routers from Cisco etc.

You may want to look into pfSense, which is built on FreeBSD. You can buy Netgate routers or install it on an old computer. I run it on a Qotom mini PC, with i5 CPU, 4 GB RAM, 64 GB SSD and 4 Gb NICs. pfSense supports IPsec, OpenVPN and WireGuard VPNs.

Hopefully, you're also considering IPv6. Both Comcast and AT&T provide it. I've been running IPv6 for over 11 years. Instead of having to share a single IP address with NAT, as on IPv4, IPv6 provides an incredibly huge number of addresses. I get a /56 prefix from my ISP, which contains 2^72 addresses. A single /64 prefix, as would be used on a LAN, provides 18.4 billion, billion addresses. I currently have /64s for my main LAN, guest WiFi, test LAN, VPN and a LAN on a Cisco router. That leaves me with only 251 spare /64s. ;-) BTW, a single /64 has the entire IPv4 address space squared!
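
The routing that the reply describes for a common hub versus individual links between sites, as an added example that is not from either poster. The site prefixes are constructed stand-ins for 192.168.a/b/c.0/24, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed stand-ins for the post's 192.168.a/b/c.0/24 site LANs.
SITES = {"A": "192.168.10.0/24", "B": "192.168.20.0/24", "C": "192.168.30.0/24"}


def overlapping_sites(sites):
    """Return site pairs whose LAN prefixes overlap; routing between them would be ambiguous."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def tunnels(sites, hub=None):
    """List the encrypted links: every pair (individual links) or hub-to-spoke only."""
    names = sorted(sites)
    if hub is None:
        return list(combinations(names, 2))
    return [tuple(sorted((hub, name))) for name in names if name != hub]


def routes(sites, hub=None):
    """For each site gateway, map every remote LAN prefix to the tunnel peer that carries it."""
    if hub is not None and hub not in sites:
        raise ValueError(f"unknown hub site: {hub}")
    table = {}
    for site in sites:
        table[site] = {}
        for remote, cidr in sites.items():
            if remote == site:
                continue  # local LAN is directly connected, no tunnel route
            direct = hub is None or hub in (site, remote)
            table[site][cidr] = remote if direct else hub
    return table


if __name__ == "__main__":
    assert not overlapping_sites(SITES), "renumber overlapping LANs first"
    for label, hub in (("individual links", None), ("hub at A", "A")):
        print(label, tunnels(SITES, hub))
        for site, table in routes(SITES, hub).items():
            for cidr, peer in table.items():
                print(f"  site {site}: {cidr} via tunnel to {peer}")
```

With WireGuard, the prefixes a site routes to one peer are what that peer's AllowedIPs entry lists, so the hub layout puts both remote LANs on a spoke's single peer.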