Hi,
Am 28.07.2017 um 09:43 schrieb PenguinWhispererThe: > Op vrijdag 28 juli 2017 01:39:56 UTC+2 schreef Stefan Klatt: >> Hi, >> >> what about OpenVPN and static IP ranges per client for it? >> This should be secure enough and you have no more problems with dynamic >> IP addresses. >> >> Regards >> >> Stefan >> >> Am 27.07.2017 um 18:19 schrieb PenguinWhispererThe: >>> Hi all, >>> >>> I've come by Bareos by accident after being a longtime Bacula user. >>> I have local and remote servers (by using some ssh port forwarding >>> fiddling) and some local "static" machines now in my backup and it's >>> working great. >>> >>> Now I'd like to expand this to have laptops backed up as well. These >>> laptops are on the road so the IPs/hostnames can't be put in the config as >>> they're changing. >>> >>> I was wondering if there's a possibility to backup these clients as well. >>> I understand I can open up some firewall ports to the internet to let >>> filedaemons connect to my server. However the server initiates some >>> connections as well IIRC and that would require the client side to change >>> the firewall to allow these (for example the router where this laptop is >>> connected to). >>> >>> Is this secure? And I mainly mean: is it a good idea to have these ports >>> open to the internet? Perhaps someone can bruteforce it or the "protection" >>> is not that strong? >>> >>> Another way would be to install OpenVPN and let each client setup a VPN. >>> While this is certainly possible it's yet another tool that has to be >>> installed + the openvpn tunnel should be up to make the backup work. >>> >>> Any remarks or thoughts are welcome. >>> >> > Thanks for your reply. I know I can use OpenVPN for this. However I'd prefer > to have just one client installation and keep things simple. > Users somehow always seem to mess things up and leaving OpenVPN out already > remove one hurdle. > > Perhaps there's some option to use a client side script with which I can open > some ssh port forwarding or something with putty. This way I just need to > distribute this instead of install OpenVPN. OpenVPN or SSH, you need a unique Key and/or Keyfile. If you use one Key and/or Keyfile for all notebooks and somebody loose a Notebook you can't disable/change the Key and/or Keyfile without disabling all notebooks. Without a little loss of comfort you can't implement the needed security. Probably you should think about more features like remote access to the network and data to get the user to accept this. Regards Stefan -- *CaC, Computer and Communication* Inhaber Stefan Klatt End-2-End Senior Network Consultant Triftstrasse 9 60528 Frankfurt Germany USt-IdNr.: DE260461592 Tel.: +49-(0)172-6807809 Tel.: +49-(0)69-67808-900 Fax: +49-(0)69-67808-837 Email: [email protected] Profil: http://www.cac-netzwerk.de/profil -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
