Nice, no problem, I don't need crypt outside the VPN. I will test and reply with any news :) thanks guy

2014-02-19 13:20 GMT-03:00 Reindl Harald <[email protected]>:

> depends, for the WAN VPN is enough
> openVPN supports compression
>
> # Enable compression on the VPN link
> # If you enable it here, you must also
> # enable it in the client config file
> comp-lzo
>
> but keep in mind that the link between MySQL and the VPN
> server itself is unencrypted, so if you need end-to-end
> encryption for security reasons use both
>
> however, mysql supports compression for replication native
>
> http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
> --slave_compressed_protocol={0|1}
> Command-Line Format     --slave_compressed_protocol
> Option-File Format      slave_compressed_protocol
> System Variable Name    slave_compressed_protocol
> Variable Scope          Global
> Dynamic Variable        Yes
> Permitted Values
>     Type                boolean
>     Default             OFF
>
> If this option is set to 1, use compression for the slave/master protocol
> if both the slave and the master support it. The default is 0 (no compression).
>
> On 19.02.2014 17:16, Roberto Spadim wrote:
> > nice, i will try a vpn, do you think i need ssl+ vpn or just vpn give a
> > good security and good compression? the link is very poor (satellite
> > with very high delay ~1 second or more)
> >
> > 2014-02-19 11:15 GMT-03:00 Reindl Harald <[email protected]>:
> >
> > On 19.02.2014 14:10, Roberto Spadim wrote:
> > > What is better (better = more secure, and with good compression), a ssh tunnel,
> > > or a native mariadb ssl connection between master/slave replication
> > > mariadb servers?
> >
> > both combined - any replication here is using mysql-ssl-encryption, even
> > between VM's on the same host because they may be split to different
> > hosts in case of VMotion
> >
> > since i would never ever have listen MariaDB/MySQL the ssh-tunnel is
> > mandatory in any case or better if possible OpenVPN because the
> > encryption and HMAC-authentication of OpenVPN improves security
> > dramatically
> >
> > _____________________________________
> >
> > have fun try to break that tunnel, you need the "ta.key" to even get any
> > package accepted, then ca.crt and client.crt and need to break DHE-AES
> >
> > and since it's easy to setup MySQL replication with SSL *inside* that
> > tunnel it get wrapped - until today nobody on this planet can break
> > that all at once without a rootkit on the involved machines
> >
> > Tue Feb 18 22:10:15 2014 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
> > Tue Feb 18 22:10:15 2014 Diffie-Hellman initialized with 4096 bit key
> > Tue Feb 18 22:10:15 2014 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
> > Tue Feb 18 22:10:15 2014 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
> > Tue Feb 18 21:10:27 2014 62.178.103.85:11258 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
> > Tue Feb 18 21:10:27 2014 62.178.103.85:11258 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
> > Tue Feb 18 21:10:27 2014 62.178.103.85:11258 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
> > Tue Feb 18 21:10:27 2014 62.178.103.85:11258 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
> > Tue Feb 18 21:10:27 2014 62.178.103.85:11258 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to     : [email protected]
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help   : https://help.launchpad.net/ListHelp

--
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle
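
An added example, not part of the thread and not code from any poster: a small Python check that reads OpenVPN log lines in the format quoted above and confirms the tunnel was set up with the layers the thread relies on (tls-auth key, DH size, HMAC digest, data cipher, DHE control channel). The function names and the policy thresholds are assumptions chosen for illustration; the sample log is adapted from the thread with the peer address replaced by a documentation address.

```python
import re

# Constructed sample: log lines adapted from the thread, peer address replaced by 192.0.2.10.
SAMPLE_LOG = """\
Tue Feb 18 22:10:15 2014 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Tue Feb 18 22:10:15 2014 Diffie-Hellman initialized with 4096 bit key
Tue Feb 18 22:10:15 2014 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 18 21:10:27 2014 192.0.2.10:11258 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 18 21:10:27 2014 192.0.2.10:11258 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 18 21:10:27 2014 192.0.2.10:11258 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
"""

PATTERNS = {
    "tls_auth_key": re.compile(r"Control Channel Authentication: using '([^']+)' as a OpenVPN static key file"),
    "dh_bits": re.compile(r"Diffie-Hellman initialized with (\d+) bit key"),
    "control_hmac": re.compile(r"Incoming Control Channel Authentication: Using \d+ bit message hash '([^']+)'"),
    "data_cipher": re.compile(r"Data Channel Encrypt: Cipher '([^']+)' initialized with (\d+) bit key"),
    "data_hmac": re.compile(r"Data Channel Encrypt: Using \d+ bit message hash '([^']+)'"),
    "tls_cipher": re.compile(r"Control Channel: (\S+), cipher \S+ ([^,]+), (\d+) bit RSA"),
}

def parse_tunnel_params(log_text):
    """Return the first value seen for each parameter in an OpenVPN log."""
    found = {}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m and name not in found:
                found[name] = m.groups() if rx.groups > 1 else m.group(1)
    return found

def audit(params, min_dh_bits=2048, min_key_bits=256, digests=("SHA256", "SHA384", "SHA512")):
    """Compare parsed parameters with a policy; the thresholds are assumed, not from the thread."""
    findings = []
    if "tls_auth_key" not in params:
        findings.append("tls-auth: no static key (ta.key) in use on the control channel")
    if int(params.get("dh_bits", 0)) < min_dh_bits:
        findings.append("dh: parameters missing or below %d bits" % min_dh_bits)
    cipher = params.get("data_cipher")
    if not cipher or int(cipher[1]) < min_key_bits:
        findings.append("cipher: data channel key missing or below %d bits" % min_key_bits)
    for name in ("control_hmac", "data_hmac"):
        if params.get(name) not in digests:
            findings.append("%s: digest %r not in policy" % (name, params.get(name)))
    tls = params.get("tls_cipher")
    if not tls or not tls[1].startswith(("DHE-", "ECDHE-")):
        findings.append("tls: control channel cipher suite without (EC)DHE key exchange")
    return findings
```

`audit(parse_tunnel_params(SAMPLE_LOG))` returns an empty list for the log above; a log without the ta.key line or with a digest outside the policy produces one finding per missing layer.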

