[plug] VPNs and stuff

[Craig Ringer]

Simon Scott wrote:

> Has anyone got any advice on other tech we can use to get a permanent
> LAN to LAN via double NAT style of VPN?

Double NAT, eh?

I'd be tempted to use IPv6 6to4 to work around the NAT, and try out IPv6 
IPSEC. Of course, that'll probably only work for you if your apps are 
happy with IPv6.

SSH-over-IPv6 is my preferred VPN solution where available. It does make 
the whole NAT issue neatly just go away, and it's pretty easy to get 
going. No good for UDP of course, and a bit of a pain if you need more 
dynamic tunneling, but pretty nice for lots of things.

Of course, if you can use SSH-over-IPv6 you could probably use 
SSH-over-IPv4 with a port forward, so I'm probably not saying anything 
helpful here.

Otherwise, there are less commonplace VPNs like CIPE that might be 
easier to punch through a port forward.

--
Craig Ringer