[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: large campus network ... sugestions

> I'm interested in a better authentication method than registering all
> the MACs+IPs of all my users (which after all is just dust in the wind
> ...) using my current hardware (16 servers, 1 for at least 250
> clients). I was thinking about ppp based authentication but it doesn't
> look very scalable and secure ... am I wrong ?

openvpn might be an easier solution.

> Also due to the fact that my ISP doesn't agree with opening all ports
> and traffic shaping due to possible attacks, most of my clients are
> using tunneling methods like "your freedom" and "surf no limit", which
> currently produce a high CPU usage on all the servers due to the
> CONNECT method in the Squid Proxy Cache. Currently i just drop/traffic
> shape the tunneled P2P traffic via ipp2p/l7-filter module of iptables.
> I still believe that opening all ports and traffic shape them would be
> the only solution ... but this would impose a high network security
> ... so i`m back to point 1 ... suggestions ?!

Does that mean that you allow CONNECTs to all ports?


Reply to: