TetherNet: The Anti-NAT solution to Internet-challenged environments
TetherNet is a system for dynamically relocating Internet subnets. This system can securely relocate portions of a network to a location remote from the original network via an automation process for configuration and management, using a graphical interface and multipoint control channel to manage overlay deployment at the IP layer. An anchor site can provide a delegated IP address block and reverse DNS as a rented service, and with this technology, a remote site can use those IP addresses with the same privileges.
- Provides true Internet service – globally routable IP addresses, with forward and reverse DNS – supporting services on well-known ports.
- Works behind NATs – provides Internet service for any IP-based protocol, even those defeated by NATs, including experimental protocols.
- Works behind varying dynamic IPs – enables stable connectivity even where DHCP leases are short and rotated, without timeout delays or protocol failures.
- Provides IPsec-encrypted IPv4, multicast IPv4, IPv6, and multicast IPv6 – all behind NATs or conventional IPv4.
- Works for any IP client: Unix, Windows, Mac, PDAs, embedded systems, etc., with plug & go and no additional support needed.
- Enable use of any IP client (PC, PDA, etc.) and protocol.
- Provide true Internet connectivity at conferences, exhibitions, and demos at a customer site, remote office, residence or hotel.
- Support experiments and testbeds.
- Provide stable and secure true Internet VPN without specific client support.
- Reuse office Internet address space – enables reuse of even small blocks.
- Community service: rent small blocks “at cost” to researchers, students.
- Simple web user interface for setup and management
  - Setup WAN info (DHCP/static, DNS)
  - Setup LAN
  - Select rental site and parameters
  - Box management (time, logging, monitor)
J. Touch. Those Pesky NATs. IEEE Internet Computing, July/August 2002, pp. 96.
Following the steps below relays a leased TetherNet subnet with the default configuration. For non-standard configurations, detailed instructions and troubleshooting information, please refer to the full TetherNet documentation.
1. Make sure TetherNet box is powered down.
2. Plug upstream network cable (to provider at remote location) into WAN port.
3. Configure client machine to use DHCP, then connect it to LAN port via crossover cable, Ethernet switch/hub, or Wireless 802.11b NIC (only if wireless is enabled on the TetherNet box).
4. Connect power cable to TetherNet box.
5. Wait until Status LED starts blinking, then open a browser to access any page or http://router.local.lan/ from client machine.
6. If location uses DHCP, go to step 7 below, otherwise:
   - Click WAN Setup button.
   - Change connection type to Static IP Address.
   - Enter IP address, network mask, default route, and DNS servers.
   - Click Configure WAN Port button and answer Yes to reboot.
   - Go back to Step 5 above.
7. Click Lease TetherNet button.
8. Pick Rental Site and desired Subnet Size.
9. Click Start TetherNet Service.
Joe Touch – PI
Lars Eggert, Yu-Shun Wang – students
Embedded release for Soekris 4801 (a 486-based system for use with TetherNet), includes FreeBSD, the X-Bone web server, the X-Bone GUI, an LDAP server, and a DNS server.
- Auto-scan bi-directional handshake to find available ports through firewall
- Automatic renew subnet lease:
  - saved state (rental parameters)
  - survive DHCP renumbering on the WAN port uplink
  - auto-retry upon connection disruption
  - auto-lease upon reboot
- Automatic web redirect to TetherNet rental page
- Supports MAC address cloning
- Defaults to non-NAT mode prior to rental
- More intuitive on-box LED blinking pattern
- Web-based GUI
- Auto Configuration
- Random or user-configurable port selection
- DHCP Server with configurable dynamic address range
- DNS cache
- Automatically cleanup leases after connection timeout
- Subnet Features
  - IPv4 and IPv6
  - IPv4 and IPv6 multicast
  - Fair bandwidth allocation for active addresses
  - Secure (TCP/SSL) configuration exchange
  - Hardware-accelerated encrypted tunnels with AES, DES, 3DES, etc.
  - Password protection for designated blocks
- Box Features
  - Supports NAT mode prior to rental
  - Supports WiFi 802.11b with optional WEP
  - Extensive monitoring status accessible through GUI