We have some administrative [accounting] applications that can be called only by a certain user, with a certain machine, and a certain IP. For user identification [password] and machine ID [a portable] there are no problems ... (the portable has an OS that does not allow IPsec).

We wish the user to be able to move to other sites. Of course, if he moves away and connects from another network, the IP would change. If he uses a dial-in connection via PPP it is all OK, since he can use a dial-in access in his office, which connects to a server that assigns him the "right number" (of course it is free, since the machine is away) based on his userid, so from home he gets the same address as in the office.

But what if he moves to another office, on a different network, and cannot/doesn't want to connect via dialup?

I thought of setting up at that remote site an old machine (I have tens of 8 MB RAM 486/P120), just with the duty to act as a gateway having two addresses on the eth, the one of the gateway of the home network, and another, the real address of the real network [they cannot overlap since both are public, but one could also use a different NIC]. This host should send through a tunnel to a machine in the home network that would reinject to the router as if it came from there. (Or I could assign to the moved machine a private address, and tunnel to the home network, where traffic would be shown as local with a home address.)
How can I do this?

--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Università di Firenze, V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo