On 05.04.2006, at 07:50, Jim Butler wrote:
...
> VPN
...
since you said you are familiar with samba or dhcp or nfs
administration on the command line,
have a look at openvpn, especially on the "easy-rsa" folder included
in the source tree.
I don't use the scripts, they are rather clumsy, use global shell
environment variables, so lots of things that can go wrong, but they
are so simple, you can copy paste the neccessary openssl ca commands
and create the needed certificates, start the daemon and you're done.
the client configuration is rather simple, copy the client.crt and
client.key to the client (ok, you could even use the certificate
request programme in the windows distribution of openvpn and sign
those requests on the server, but you'll figure that out.
enter the server in the config file, setup as windows service, and it
works!
there are answers to the other questions as well, but I'll have to
work ...
I use openvpn to connect to the linux gateway in the office using my
osx powerbook, the bean counters use their windows machines (and I
even can use vnc to connect to their remote laptops if a problem
arises). The linux laptop users handle that themself (it is not that
hard), I just email the certificates.
finally I can say openvpn works rather well, and even the ipsec
tunnels on the same machine for branch offices are unaffected by the
operation of openvpn, If allowed ("push-route"), users can even reach
them as well.
matthias
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
