[plug] CIPE / VPN
Paul Arch
paul at sdmgroup.com.au
Tue Oct 21 16:56:03 WST 2003
> Yep, and it works very, very well..
> I have 2 remote tunnels to a single location.
>
> The main point is running a Fortress Firewall, I have poked 2 holes in
> it doing udp masq to an internal linux box.
> Both remote ends are behind ADSL/ISDN boxes that only do NAT.
> The remote ends are set up as dynamic ip devices, and told the static ip
> of the main point. Works a treat..
>
> The remote ends did not require any configuration of the NAT devices and
> no static ports or anything like that.
>
> I'm not using PKCipe and only using static 128 bit keys.
Ahh excellent, I was using PKcipe, but when the Remote device was
re-connecting through GPRS after a disconnect, it didnt seem to be updating
to the server its new IP. So I have now changed to using static config /
keys, and it looks like everything is working sweet. Regarding security, my
only concern would be people getting access to either Remote Device or
obviously the Server collecting the information.
If the contained information transported is comprimised (cooling tower
data), I don't see that being too much of an issue. I am using mySQL queires
to request the information off the Remote Device. The Remote device is
behind a NAT gateway so should be fairly safe from attacks ?
If I was to connect for software updates, I would always be using ssh
anyway.
cheers
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list