Good afternoon,

Correct me if I'm wrong but Mandos only works on a LAN according to the 
technical overview 
(http://wiki.fukt.bsnet.se/wiki/Mandos#Architectural_Overview).

This assumes that the network connectivity is already operational. But how to 
deal with this when it's not the case?
Our machine is an OpenVPN gateway connected between our customer's 
infrastructure and our intranet. But there is no dedicated line between our 
customer and us, so it goes through the Internet, and our gateway is connected 
to the Internet directly with an ADSL card. So the Mandos server should be 
somewhere in our intranet and the Mandos client will be installed on the 
machine.

Therefore, it becomes a bit more difficult because I can't encrypt all of my 
hard drive because I need the ADSL credentials for authentication with the ISP 
in clear text.

Any suggestions?

Thomas NGUYEN VAN 

----- Original Message -----
From: "Andrew McGlashan" <andrew.mcglas...@affinityvision.com.au>
To: "Jonas Andradas" <j.andra...@gmail.com>
Cc: "Thomas Nguyen Van" <t.nguyen...@jumper.ie>, "Jeroen van Dongen" 
<jer...@lbvd.nl>, debian-security@lists.debian.org
Sent: Monday, January 24, 2011 1:53:54 PM GMT +01:00 Amsterdam / Berlin / Bern 
/ Rome / Stockholm / Vienna
Subject: Re: Question related to FDE (Full Disk Encryption) solution under 
Linux Debian Lenny

Hi Jonas,

Jonas Andradas wrote:
> however, having to start up the Mandos server in order for the host to 
> start-up could defeat the purpose of Mandos itself, which is supposed to 
> allow servers to start up autonomously, without human intervention.  Of 
> course, you could always have your monitoring software detect the server 
> failure or reboot and as an action, trigger the startup of a Mandos VM. 
>  In this case, however, the Mandos server probably would not be 
> full-disk encrypted (otherwise, it would need human intervention to 
> start or another Mandos-server running somewhere), but maybe it would be 
> possible to come up with an interesting setup to achieve this.

It also sounds like something that could be turned into a service, like 
DNS -- have two or more Mandos servers available for clients; same as 
DNS, have them on different networks and also different physical 
locations where possible.

-- 
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

