This is about having gateways to the "real internet" available in the mesh, but only behind a VPN, a service that could be paid to finance the mesh.

Just a brainstorm for now:

1. no default route (0.0.0.0) should be announced unless people are really nice and want to give out free (and insecure) internet
2. let's use vpn?
3. we need to distribute certificates
4. how do give access? through a client cert? or username/password? how do we revoke it?
5. the bug in the ?olsrd routing is a big issue: we can't setup a VPN if we can't ping the remote host!

References

• Freifunk VPN + OLSR GSOC project
• Opennet VPN configuration details (in german)

Update: vpn tests started, but no clear result yet. Other alternatives: IPsec, tinc and cjDNS, in order of personnal preference.. --anarcat