[plug] VOIP suggestions please

[Brad Campbell]

Steve Baker wrote:
> Brad Campbell wrote:
> 
>> W.Kenworthy wrote:
>>
>>> its generating and redoing the keys in a more logical and supportable
>>> manner that is bugging me!  Hopefully, this will be a once only - well
>>> until they expire!
>>
>> I gotta admit the key administration is a headache..
>> I just used the latest scripts delivered with openvpn and they kinda 
>> managed what I needed, but it will be a pain when I start going 
>> multi-server distributed across the place.. I'm going to have to do 
>> some serious testing/planning before I try and deploy that.
> 
> Why don't you use X.509 certificates instead?  I'm using them with Open 
> S/WAN and it is extremely simple to set up.  It was a minor hassle to 
> get the certs created in the first place, but once they are created it 
> is very simple to use them and really easy to add new nodes to the VPN.

(Showing my complete ignorance here). I *think* thats what I'm using now.. OpenVPN created them 
using openssl and every machine has its own cert..  adding a new node is a piece of cake now. Where 
I'm likely to get knotted a little is when I go multi server.

I'll be the first to admit I'm out of my depth in a carpark puddle here, but I'm learning :)


-- 
"Human beings, who are almost unique in having the ability
to learn from the experience of others, are also remarkable
for their apparent disinclination to do so." -- Douglas Adams