[plug] clients "phone home" to server. VPN maybe?

Tim weirdit at gmail.com
Sat May 2 14:06:59 WST 2009


I'm starting to play with OpenVPN now. I'm wondering about the keys
for the client machines. If I were to generate a "client" key and all
clients connected with it, would that cause problems? The basic reason
for asking is I produce an install CD that installs the base system,
and then (via secured SVN) gets some more software (custom interfaces
and stuff), as well as a setup script that pulls down patches for all
the config files and installs other specific files for the system. Now
the simplest thing I can think of is to include a default
certificate/key for the client machines on there, and once they are
connected and identified to the VPN, then ssh them a client-specific
certificate/key.

Also, TCP vs. UDP. I've read much on it so far. Basically, the link
on my side is stable, static IP, decent connection. The link on the
other side can be anything (and knowing South Africa, it can be very
flaky). UDP seems to be the safer option, due to packet loss and TCP
over TCP causing issues. The majority of what needs to go over the VPN
is ssh traffic and web traffic (to administer and monitor), both of
which are TCP. But from what I've also read, a UDP connection may be
harder to establish. So, do I attempt UDP with TCP fallback? Or just
use TCP? I'm not really sure with this one what the best option is. Is
there a way to make TCP over TCP work nicely?

Thanks

Tim


-- 
Timothy White - Somewhere in Australia


