On Wed, 2008-02-13 at 08:19 -0800, Grant wrote:

> 
> Thanks a lot for everyone's help.  Here is a more to-the-point list of
> what I'd like to accomplish:
> 
> 1. encrypt CUPS printouts between remote server and local print server
> 2. add an additional layer of security around SSH and CUPS on local
> firewall/print server
> 3. add an additional layer of security around SSH, IMAP, and
> non-standard port HTTPS on remote server
> 4. enable access to SMTP on remote server for me which is blocked by
> my local ISP
> 
> It sounds like I have 3 choices:
> 
> 1. VPN
> 2. SSH tunneling
> 3. Zebedee tunneling
> 

Simplify - send cups and smtp send only by zebedee

SSH and HTTPS are already highly regarded as "safe".  Convert your email
reading to the secure imaps.  Experience over the years has me
sitting on the side of using as few layers as possible - anything you
add is going to increase complexity (management time) and reduce
reliability.

I do run openvpn and zebedee (in the past) using iptables to restrict
access, and the services themselves are killed/restarted at appropriate
times via cron to minimise exposure.  Zebedee handles it very well
(except when in server mode on a doze box!!) - openvpn can be a bit ..
ah ... fussy ... I find it will sometimes get in a loop of out of sync
connection attempts requiring manually logging into both ends to fix,
and complex routing is always fun.  It is more designed to be always up
and available rather than on/off.  Zebedee however can handle most
scenarios quite well, including a server behind a firewall where it can
"call out" to the client.

BillK

-- 
gentoo-user@lists.gentoo.org mailing list
