I have my personal VPN, connecting several devices so they can have fixed IP addresses on an always-reachable network (as long as they are connected to the Internet). This is necessary for me, since my devices can be on the move, on different and unpredictable networks (4G network cellphone, laptop at university, home server at home), and I have a backup server that needs to connect to them (and sometimes, I also have to).
I am also thinking about installing something like syncthing, which may also benefit from lower latencies and closer nodes.
Also, I'm lazy, and I like to play/pause the music playing on my home server from my smartphone, that might not be on the same network (it should, but it isn't always the case).
This means I have one OpenVPN server, and the openvpn
client running on every device. They all connect to the server, and any traffic from any two nodes has to go through the server, which is relatively far away, and has a very limited throughput. This means latency and slowness. And when I press the "Pause" button, it can take up to 10 seconds to actually pause the music. Even if both nodes are actually on the same LAN (since they talk through the VPN). Meh.
Ideally, there should exist some way of creating a VPN that was able to find shortest paths between nodes, and attempt to connect them directly. Something like the way Skype worked with supernodes?
While the server is far away from here, one of the nodes has a public IP address, and can be reached by the other nodes. It could act as a server from them - even if it isn't the server itself, although it would be a better choice for some nodes.
I imagine I could do something akin to run both a client and a server, and bridge them on that node, but that doesn't look elegant. It's hackish, it complicates the PKI, it splits the VPN. I don't like it.
While I could use a simple VPN like PPTP that really doesn't ensure the communications are secure, I decided I didn't want to bother configuring Bacula to encrypt the connections between the nodes, which means that traffic is plain inside the VPN. The VPN encapsulation is the only security, so it shouldn't be weak. However, anything that solves the "mesh"-like VPN without confidentiality would already be a good start - I'd make sure the traffic started going through SSL/TLS.
This looks like a problem that someone else might've had, and solved by now. Is there anything like this?
There's also the chance I'm looking at this the wrong way, but so far it looks like the best approach to ensure I can always connect to any of my devices remotely, no matter where I am, or they are.