[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Setting up an VPN
On Tue, Feb 17, 2004 at 12:29:47AM +0100, Rembrandt wrote:
> I will set up an VPN on a WebServer (and YES it's an OpenBSD).
> I can't choose a key exchange method.
> - manual keyed, or
> - automated via isakmpd(8)
> Wich method is more secure for a VPN with 1 fix (IP) server and serval
> (less then 5!) dyn. (IP) Clients?
Well, I don't know about more secure. You get to make tradeoffs either way,
but if you have dynamic-IP peers, you'll either be cooking up a *mess* of
scripts or using isakmpd. I hate kludging together scripts when there's an
easier solution, so I'd recommend isakmpd for this.
> I would tunnel diffrent things trough the VPN (nfs, mail, hhtp, ssh and so
> on) but the server should also run an http(s) for the public.
That shouldn't be interfered with if you set up your tunnels correctly.
"Burnished gallows set with red
Caress the fevered, empty mind
Of man who hangs bloodied and blind
To reach for wisdom, not for bread." -- Deoridhe Grimsdaughter