[plug] clients "phone home" to server. VPN maybe?

Tim weirdit at gmail.com
Sat May 2 17:20:05 WST 2009


>
>> Now the simplest thing I can think of, is include a default
>> certificate/key for the client machines on there, and once they are
>> connected and identified to the VPN, then ssh them a client specific
>> certificate/key.
>
> That, also, would work.  A "bootstrap" VPN connection would be fine,
> provided you didn't keep using it.
>
> I would probably deploy it as a separate "shared key" OpenVPN service
> with much, much tighter security wrapped around it, however.

What do you mean by "shared key" OpenVPN? Is there another mode of
running it? I'm currently running my server with the option to allow
duplicate keys, so will see how that goes. Will most likely have the
clients use the shipped key, and then ssh the client specific key at a
later date to them.

<snip>

>> So, do I attempt UDP with TCP fallback? Or just use TCP?
>
> The first, if you want to be robust for an unattended remote system.

Any ideas on setting up fallback? I know I can run the server with
both on the same port. What about the clients? How can I make that
fallback nicely?

Thanks

Tim


-- 
Timothy White - Somewhere in Australia


