VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet which can be very beneficial for some use cases. VPNs can be used for many things, for example - access region-restricted websites, shield your browsing activity from bad guys on public Wi-Fi, connect and use local resources which are inaccessible from the outside world or simply create a secure network between your servers and isolate them.
So, what are the common steps for creating a VPN. You need to first connect to the public internet through the ISP (Internet Service Provider), then initiate a VPN using a client software. Sounds easy, right?
Well it depends on the software you choose, whereby most of the VPN solutions follow the client-server principle.
That means, all nodes connect to e central server which is the central point to all others. By such environment, the whole traffic passes through the central server creating a star topology, so this server needs lots of bandwidth. In case that the central server fails and it’s not able to handle the whole traffic, the VPN will go down and the other members will not be able to communicate. This is the main disadvantage by such setting.
So, if you don’t want to have that single point of failure, you can use a full mesh topology, where every participant talk to the others without having a central server. If one of them fails, the other members will not be affected. A good, simple and reliable peer-to-peer/full mesh solution is the PeerVPN.
Here is a short guide for installing and configuring of the PeerVPN software on RHEL:
1. Make sure that you can ping every server on its public IP.
// This is the name of the network interface ( like eth0 )
// this is the IP address range. Note that every peer should have a unique one in the same subnet, so simply increment the address for each new server. In my example I have the 10.1.1.1 , which will be the IP of the initialization peer.
//the initpeers is the initial host (its public IP/hostname + port) which has to be connected in order to discover the other hosts from the private network. This directive should be included only in the config files of the second, third... hosts
initpeers 220.127.116.11 7000
So here are two sample config files, the left is for the initialization peer and the right is for the other hosts: