
Re: Big VPN



Hello!

In a message of Tue, 02-03-2004, 22:57, Richard Atterer writes:

> Does each of these 100 LANs need to connect to *any* other LAN, or just to 
> "your" LAN? Are the LANs real LANs or do you only want to connect single 
> "road warrior" machines to "your" LAN?

Generally I need the possibility to connect from every LAN to every LAN.
It can be up to a few simultaneous connections, but there is no rule.
All LANs are real LANs with from a few up to tens of peers. Of course not all
of them have to talk to others, and for sure not at the same time.
Generally I expect about 10 outgoing simultaneous connections per LAN.

> What's wrong with IPSec with X.509 certificates? You can give out a signed
> certificate to all people who should get access to your network, and remove 
> individual people from the "allowed" list if necessary. IPSec works with 
> all OSes as clients. The only downside (IMHO) is that the server can be 
> fairly complex to set up for this kind of scenario.

I don't know IPSec so well, so one question: if I add a new node
(LAN), do I need to update the configuration of all the others about it?
This is my biggest concern...

> <http://www.freeswan.org/> - you've seen this already I guess :)
> <http://www.natecarlson.com/linux/ipsec-x509.php>
> <http://www.ipsec-howto.org/> - new kernel 2.6.0 IPSec
> <http://ipsec.math.ucla.edu/services/ipsec.html>
> <http://lugbe.ch/action/reports/ipsec_htbe.phtml>
> <http://vpn.ebootis.de/>

THX!

best regards
Jarek


