Re: Many to many VPN
Hi Russell, Have you looked into AnyCast https://en.wikipedia.org/wiki/Anycast I am not sure if this is possible to implement in your situation but it sounds like it solves the problem you are fasing Nick On Thu, 10 Jan 2019 at 18:36, Russell Coker via luv-main < luv-main@luv.asn.au> wrote: > On Thursday, 10 January 2019 5:59:42 PM AEDT Mike O'Connor wrote: > > > Support is required for Linux servers and Linux, Windows, and OS/X > > > clients. > > > > Wireguard :) Possibly not the most user friendly but very impressive > tech. > > https://en.wikipedia.org/wiki/WireGuard > > I have had some experience with Wireguard. It requries kernel code that > isn't > in the mainline kernel so you need DKMS to get it going, that doesn't > exclude > it, but makes it a little more difficult. According to Wikipedia one of > the > benefits of WG is that it has less code, but some of that code is kernel > code > so the potential for problems if there's a problem is greater. Another > cited > benefit of WG is not being as difficult as IPSEC, but pretty much > everything > meets the "not as difficult as IPSEC" criteria. > > How does WG go for many-many operation? > > -- > My Main Blog http://etbe.coker.com.au/ > My Documents Bloghttp://doc.coker.com.au/ > > ___ > luv-main mailing list > luv-main@luv.asn.au > https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main > ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Re: Many to many VPN
On Thu, Jan 10, 2019 at 05:41:50PM +1100, russ...@coker.com.au wrote: > If you have servers in multiple countries and people using those servers in > multiple locations what's a good way of setting up a VPN? > > Any ideas? simplest method would be to set up a VPN service with the same user credentials on all servers and let users choose which one to connect to, depending on where they are. Document the recommended VPN server for each region. Maybe also provide a shell script which pings each one to find the fastest/closest. LDAP's probably overkill unless you're already using it for other stuff. rsyncing the user credential file(s) from a "master" location to all other servers would work. > Support is required for Linux servers and Linux, Windows, and OS/X clients. maybe a powershell ping script too. craig -- craig sanders ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Re: Many to many VPN
On Thursday, 10 January 2019 5:59:42 PM AEDT Mike O'Connor wrote: > > Support is required for Linux servers and Linux, Windows, and OS/X > > clients. > > Wireguard :) Possibly not the most user friendly but very impressive tech. https://en.wikipedia.org/wiki/WireGuard I have had some experience with Wireguard. It requries kernel code that isn't in the mainline kernel so you need DKMS to get it going, that doesn't exclude it, but makes it a little more difficult. According to Wikipedia one of the benefits of WG is that it has less code, but some of that code is kernel code so the potential for problems if there's a problem is greater. Another cited benefit of WG is not being as difficult as IPSEC, but pretty much everything meets the "not as difficult as IPSEC" criteria. How does WG go for many-many operation? -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Re: Many to many VPN
On 10/1/19 5:11 pm, russ...@coker.com.au wrote: > If you have servers in multiple countries and people using those servers in > multiple locations what's a good way of setting up a VPN? > > If you have a VPN server at each DC then performance will be great but users > have to setup multiple instances of the VPN software which they will mess up > and time will be wasted. > > If you have a VPN server at one DC then a user who connects to a server in a > different DC gets longer ping times. Also an outage in one DC breaks > everything. > > Any ideas? > > Support is required for Linux servers and Linux, Windows, and OS/X clients. > Wireguard :) Possibly not the most user friendly but very impressive tech. Mike ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Many to many VPN
If you have servers in multiple countries and people using those servers in multiple locations what's a good way of setting up a VPN? If you have a VPN server at each DC then performance will be great but users have to setup multiple instances of the VPN software which they will mess up and time will be wasted. If you have a VPN server at one DC then a user who connects to a server in a different DC gets longer ping times. Also an outage in one DC breaks everything. Any ideas? Support is required for Linux servers and Linux, Windows, and OS/X clients. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main