The solution I found is called CIPE
(http://sites.inka.de/sites/bigred/devel/cipe.html) and it encrypts all of
my backup traffic that travels on the public internet with no problems. The
only gotcha is that I think it is for Linux only.
Anything that gives a routable path between two networks should work in a
point-to-point scenario.
If you have multiple machines in a public network that need to be backed up,
you could put a PtP encrypted tunnel (it that IPSec? I don't know) from each
of the machines to the AMANDA host, but that might get a bit cumbersome.
If you post more details (number of machines, is tape host on public/private
network, are there firewalls involved) we can probably give more detailed
suggestions.
I can't think of any reason that AMANDA won't work over any connection that
will allow normal TCP traffic.
Hints:
1. Get AMANDA installed on your tape host and make sure she can back up the
machine she's installed on. This will save a lot of time down the road.
2. Add hosts slowly. If you're doing backups over a VPN or other tunnel,
make sure that the tape host and client can ping each other by name and IP
address.
3. If you're going to have a pile of PtP connections like that, you should
also be using network monitoring software to keep an eye on all of them. I
found, use, and give thanks daily for Big Brother (www.bb4.com).
Good Luck!
Paul
Disclaimer: I'm not affiliated with either product, they just work for me so
I recommend them.
-----Original Message-----
From: Charles Sprickman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 6:51 PM
To: [EMAIL PROTECTED]
Subject: IPSec for safety?
Hi,
I looked at amanda some time ago, and everything looked really great
except for lack of encryption/authentication (who wants their password
files flying unencrypted all over the network?)...
I'm discounting Kerberos, as that is another project to set up.
One thing that has changed is that IPSec now ships on FreeBSD... That
seems to solve both problems. Anyone doing this? Everything work as
expected? Any hints?
Thanks,
Charles
| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| [EMAIL PROTECTED] | [EMAIL PROTECTED]
