> I'm interested in a better authentication method than registering all > the MACs+IPs of all my users (which after all is just dust in the wind > ...) using my current hardware (16 servers, 1 for at least 250 > clients). I was thinking about ppp based authentication but it doesn't > look very scalable and secure ... am I wrong ?
openvpn might be an easier solution. > Also due to the fact that my ISP doesn't agree with opening all ports > and traffic shaping due to possible attacks, most of my clients are > using tunneling methods like "your freedom" and "surf no limit", which > currently produce a high CPU usage on all the servers due to the > CONNECT method in the Squid Proxy Cache. Currently i just drop/traffic > shape the tunneled P2P traffic via ipp2p/l7-filter module of iptables. > I still believe that opening all ports and traffic shape them would be > the only solution ... but this would impose a high network security > ... so i`m back to point 1 ... suggestions ?! Does that mean that you allow CONNECTs to all ports? Willi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
