> I have a VPN set up between three offices using DachsteinCD v.1.0.2.
> Everything is working beautifully. Now I need to extend the functionality of
> the VPN to a half-dozen laptops and a few (desktop) telecommuters.
>
> When I originally read the ssh documentation I breezed through the part
> about "opportunistic encryption" and thought "Cool. When I'm ready for this
> I can set up a 'dynamic VPN' and not have to manually create tunnels for
> every user." Taking another look, though, it seems that this tool is not
> ready for prime time. Am I wrong about that? The docs still warn "not
> recommended for production use!"
>
> Are there any fancy tricks I can use to make this easier on myself, or do I
> need to just quit whining and start configuring?

You don't need "opportunistic encryption".  I'm presuming you'll know
ahead of time *WHICH* laptops and desktops you want to allow to connect
to your VPN, so it's just a matter of building appropriate connection
descriptions for them in /etc/ipsec.conf (using RSA keys or the x.509
patches helps a lot here), and properly configuring the remote VPN
software.

There's a big difference between "road-warrior" (far end has a dynamic
IP) and "opportunistic encryption" (where you encrypt any traffic
between you and another host supporting opportunistic, so you can help
keep those NSA supercomputers busy decrypting e-mail SPAM and google
searches :-)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
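
A sketch of the gateway-side connection descriptions the reply above refers to, added here as an example and not taken from the original message or from the DachsteinCD project. It assumes FreeS/WAN-style ipsec.conf syntax; every address, ID, connection name and key string is a placeholder.

```conf
# /etc/ipsec.conf on the office gateway (fragment; placeholders throughout)

# Settings shared by every road-warrior connection below.
conn %default
        # Authenticate peers with RSA signatures instead of a shared secret.
        authby=rsasig
        # left = this gateway: public address, LAN behind it, identity, public key.
        left=203.0.113.1
        leftsubnet=192.168.1.0/24
        leftid=@gateway.example.com
        leftrsasigkey=0sGATEWAY_PUBLIC_KEY_PLACEHOLDER
        # right = the remote machine. %any accepts whatever address the
        # laptop has today; the peer is identified by rightid and its key,
        # not by its IP.
        right=%any
        # Load the description and wait for the peer to initiate.
        auto=add

# One description per known machine. A peer whose ID and key are not
# listed here cannot bring up a tunnel.
conn rw-laptop1
        rightid=@laptop1.example.com
        rightrsasigkey=0sLAPTOP1_PUBLIC_KEY_PLACEHOLDER

conn rw-laptop2
        rightid=@laptop2.example.com
        rightrsasigkey=0sLAPTOP2_PUBLIC_KEY_PLACEHOLDER

conn rw-telecommuter1
        rightid=@telecommuter1.example.com
        rightrsasigkey=0sTELECOMMUTER1_PUBLIC_KEY_PLACEHOLDER
```

Because each machine has its own key pair and its own conn section, a lost or stolen laptop is cut off by deleting its section and reloading, without touching the other users.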




------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
