Grant wrote:
I'm hoping to use the vpn in three ways:
1. imap and smtp between my laptop and the mail server
2. ssh from my laptop to the remote server
3. cups printing from the remote server to the print server

I don't think you need a VPN to SSH from your laptop to the remote
server -- SSH is already encrypted.

For sure, but it seems like running SSH inside a VPN is better for
security than running SSH on a non-standard port or even port
knocking. If I need to set up a VPN for printing, shouldn't I use it
for other stuff too? Maybe not, I have yet to actually use a VPN so
please correct me if I'm wrong.

SSH + Public/Private Keys. I don't accept passwords on my box, you need
to have a correct account name and a private key for that machine to
even think about talking to you. The only authentication method is
PubKeyAuth; everything else is NO.

If your laptop is always behind your local firewall, then it should be
sufficient to have an OpenVPN tunnel established between your local
firewall/print server and your remote server. This should allow you to
print.

Configuring the routes on your laptop to go through your local
firewall and VPN to the remote server should allow you to grab your
mail.

If you move around with your laptop then you'll need to establish the
VPN tunnel to your remote server anytime you need to grab your mail
from anywhere else but home (behind your local firewall).

Ah, tunnels, OK. I need to think in terms of tunnels. I'll
definitely be moving around and won't be behind my local firewall too
much of the time. Can I set up the openvpn server on my remote system
and keep a tunnel open between it and the firewall/print server for
printing, and also initiate a tunnel between the laptop and the remote
system whenever I need to mail or SSH? Does that sound like a good
plan?
- Grant

The other thing you can do is run ssh and use tunneling to run printing
over. Granted it's kind of a pita for more stuff, but it's a poor man's
vpn. (and what I use to view my webservers at home)
Eric
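The key-only SSH policy mentioned in the thread ("The only authentication method is PubKeyAuth; everything else is NO") can be checked against a server's effective settings. The script below is an added example, not part of any poster's message: the function name `audit_key_only` and both sample inputs are constructed here, and the input is assumed to be the full output of `sshd -T`.

```shell
#!/bin/sh
# Check effective sshd settings for a key-only login policy.
# Input format: `sshd -T` output, i.e. lowercase "keyword value" lines.

# Constructed sample inputs (not taken from any real host).
SAMPLE_WEAK='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
hostbasedauthentication no'

SAMPLE_KEYONLY='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
hostbasedauthentication no
gssapiauthentication no'

# audit_key_only (hypothetical helper): reads settings on stdin, prints one
# FAIL line per finding, returns 0 only when public-key auth is the sole
# enabled method. `sshd -T` prints every effective option, so a method that
# is absent from the input is one this sshd build does not offer.
audit_key_only() {
    awk '
        BEGIN {
            off["passwordauthentication"] = 1
            off["kbdinteractiveauthentication"] = 1
            off["challengeresponseauthentication"] = 1  # pre-8.7 name
            off["hostbasedauthentication"] = 1
            off["gssapiauthentication"] = 1
        }
        NF >= 2 { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (!("pubkeyauthentication" in seen) ||
                seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; bad = 1
            }
            for (k in off)
                if ((k in seen) && seen[k] != "no") {
                    print "FAIL " k " " seen[k]; bad = 1
                }
            exit bad
        }'
}

# Demo on the constructed weak sample; on a real host: sshd -T | audit_key_only
printf '%s\n' "$SAMPLE_WEAK" | audit_key_only || echo "sample: not key-only"
```

Piping `sshd -T` rather than the raw `sshd_config` file means compiled-in defaults and include files are already resolved, so an unset `PasswordAuthentication` still shows up as `yes`.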