VPPPN - Getting Started

• Home - VPPPN Home
• Help - This page
• Network Admin - Administering the VPPPN network and information regarding IP addresses and host names
• No DHC Connection - Problems connecting to the DHC server
• Symetric NAT Help - Problems with Symetric NAT routers
• Client Config Errors - Errors in the VPPPN application configuration
• UDP Ping Test - Test page for testing UDP connectivity and firewall setup
• Port forwarding - Setting up port forwarding on a home ASDL router
• TAP initialisation failed - Help for problems creating the TAP interface

Administrating the network

Once you have created a VPPPN network it will behave like a normal IP network, however there are some restrictions.

IP addresses

IP addresses are assigned automatically by the DHC server and are fixed. If you change your own IP, nothing will work, and you will cause problems for everyone else on the network too.
IP addresses are all in the range 10.23.1.6-254 and that can not be changed currently. If that conflicts with and existing local network there is no workaround.
The first IP address allocated with be 10.23.1.6 and so it is not possible to have more than 248 computers on a VPPPN network.
IP addresses in the range 10.23.1.1-5 are reserved for future use by VPPPN.
In the future we plan to start using the 10.23.2. IP address range as well.

Host names

Host names are added to the system automatically, these will be in the form username.vpppn. e.g. if user bobby joins the network you can ping bobby.vpppn. Host names are added to the system by modifying the etc/hosts file in Windows and Linux.

Routing

You should be able to firewall and route the network like any other interface, however dynamic routing will not work. VPPPN uses static ARP tables, and does not forward ARP, this is because one day we will implement application layer blocking of clients.

Broadcast IP

Broadcast IP should work, however since each broadcast packet is send to each computer encrypted specifically for the target computer, broadcast is not more efficient than unicast on a VPPPN network. If you have 10 members of your network active, a single broadcast packet will be encrypted 10 times and will result in 10 packets being sent on the Internet. This effectively limits the size of the network if you have a lot of use of Broadcast IP. In the future we may change this, so that the computers do not connect until a request to access a specific IP is received. But for now, bear in mind that a network of over 10 computers may not perform very well.

Multicast IP

Multicast IP packets are broadcast to all computers, so it is not as efficient as real Multicast. There is some code required to implement Multicast, it is in the pipeline.

Multiple instances/networks

You can only have one instance of VPPPN running at the same time, multiple networks would clash, but there are other reasons this does not work. We plan to implement the ability to run multiple concurrent instances of the VPPPN client software in the future.

Feedback

Let us know if any of the network configuration restrictions are a problem for you. Clearly the IP address and broadcast limitations are a bit of a pain if integrating VPPPN into a bigger network, however there is no easy solution that would not complicate the setup for normal users of VPPPN. VPPPN is designed for use over a ADSL dialup service connecting individual computers, it is currently not possible to implement network bridges, and it is not possible to route IP packets over a VPPPN connection unless you manually configure NAT translation. Such configurations would be easier to achieve using openvpn.
In the future we want to implement multiple VPPPN instances running at the same time and this means we have to select the IP ranges. Hopefully 10.23.1. is not too often in use in home networks, It probably is in use in big corporate networks but you should not be running VPPPN from work, now should you :)