Hi,

Thomas Nguyen Van wrote:
> Correct me if I'm wrong but Mandos only works on a LAN according to the
> technical overview
> (http://wiki.fukt.bsnet.se/wiki/Mandos#Architectural_Overview).

Just a LAN or can it be ANY routable address, via the Internet?

> This assumes that the network connectivity is already operational. But how to
> deal with this when it's not the case:
> Our machine is an openvpn-gateway connected between our customer's
> infrastructure and our intranet. But, there is no dedicated line between our
> customer and us. So it goes through the internet and our gateway is connected to
> the internet directly with an ADSL card. So the Mandos server should be
> somewhere in our intranet and the Mandos client will be installed on the
> machine.
>
> Therefore, it becomes a bit more difficult because I can't encrypt all of my
> hard drive because I need the ADSL credentials for authentication with the ISP in
> clear text.

I prefer to let a dedicated machine do firewall / routing for me and to have any servers in the DMZ. The servers don't need to have any details about PPP login in this case.

--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

