Re: Many to many VPN

2019-01-10 Thread Nick Evans via luv-main 
Hi Russell,

Have you looked into AnyCast
https://en.wikipedia.org/wiki/Anycast

I am not sure if this is possible to implement in your situation but it
sounds like it solves the problem you are fasing

Nick

On Thu, 10 Jan 2019 at 18:36, Russell Coker via luv-main <
luv-main@luv.asn.au> wrote:

> On Thursday, 10 January 2019 5:59:42 PM AEDT Mike O'Connor wrote:
> > > Support is required for Linux servers and Linux, Windows, and OS/X
> > > clients.
> >
> > Wireguard :) Possibly not the most user friendly but very impressive
> tech.
>
> https://en.wikipedia.org/wiki/WireGuard
>
> I have had some experience with Wireguard.  It requries kernel code that
> isn't
> in the mainline kernel so you need DKMS to get it going, that doesn't
> exclude
> it, but makes it a little more difficult.  According to Wikipedia one of
> the
> benefits of WG is that it has less code, but some of that code is kernel
> code
> so the potential for problems if there's a problem is greater.  Another
> cited
> benefit of WG is not being as difficult as IPSEC, but pretty much
> everything
> meets the "not as difficult as IPSEC" criteria.
>
> How does WG go for many-many operation?
>
> --
> My Main Blog http://etbe.coker.com.au/
> My Documents Bloghttp://doc.coker.com.au/
>
> ___
> luv-main mailing list
> luv-main@luv.asn.au
> https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
>
___
luv-main mailing list
luv-main@luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main

Re: Many to many VPN

2019-01-10 Thread Craig Sanders via luv-main 
On Thu, Jan 10, 2019 at 05:41:50PM +1100, russ...@coker.com.au wrote:
> If you have servers in multiple countries and people using those servers in
> multiple locations what's a good way of setting up a VPN?
>
> Any ideas?

simplest method would be to set up a VPN service with the same user
credentials on all servers and let users choose which one to connect to,
depending on where they are. Document the recommended VPN server for each
region. Maybe also provide a shell script which pings each one to find the
fastest/closest.

LDAP's probably overkill unless you're already using it for other stuff.
rsyncing the user credential file(s) from a "master" location to all other
servers would work.

> Support is required for Linux servers and Linux, Windows, and OS/X clients.

maybe a powershell ping script too.

craig

--
craig sanders 
___
luv-main mailing list
luv-main@luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main