
Re: Setting up an VPN



On Tue, Feb 17, 2004 at 12:29:47AM +0100, Rembrandt wrote:
> I will set up a VPN on a WebServer (and YES it's an OpenBSD).
> I can't choose a key exchange method.
> - manual keyed, or
> - automated via isakmpd(8)
> 
> Which method is more secure for a VPN with 1 fixed (IP) server and several
> (less than 5!) dyn. (IP) Clients?

Well, I don't know about more secure.  You get to make tradeoffs either way,
but if you have dynamic-IP peers, you'll either be cooking up a *mess* of
scripts or using isakmpd.  I hate kludging together scripts when there's an
easier solution, so I'd recommend isakmpd for this.

> I would tunnel different things through the VPN (nfs, mail, http, ssh and so
> on) but the server should also run an http(s) for the public.

That shouldn't be interfered with if you set up your tunnels correctly.

-Dan

-- 
"Burnished gallows set with red
 Caress the fevered, empty mind
 Of man who hangs bloodied and blind
 To reach for wisdom, not for bread."  -- Deoridhe Grimsdaughter