On Sun, 3 Feb 2008 12:25:25 -0800 Grant <[EMAIL PROTECTED]> wrote:

> So I would set up openvpn on my remote server and connect to it from:

Here's a few ideas about the subject, some options to think about.

> 1. my local print server for printing

Look into routed vpn networks. If I were in your case I would probably set up a VPN server on (one of) my firewall(s) and then either route/allow :641 traffic to the remote print server through the VPN or simply redirect :641 connections through the VPN, just like port forwarding for NATed servers behind firewalls. In this configuration, the remote print server is really a VPN client rather than a server.

> 2. my laptop for ssh and imap

I like to allow myself, with my laptop, to connect to my SOHO-sized server setup through a VPN. To this end I tell the gateways on select subnets to route through to the VPN, and tell the VPN server to route to those subnets' gateways. That way I can configure any computer (through the vpn, of course) without having to worry about opening it to external connections. If you wanted to make the VPN transparent, you could NAT the VPN traffic instead, and make it look like it came from the VPN server itself. I cringe at the idea of having to use a VPN for imap, however.

> Could I also only allow access to my website's admin pages through
> openvpn?

You could, but it might be a little tricky, depending on your setup. If it were my goal, I would probably put the server pages in a directory and control access to that directory to only VPN addresses (again, this assumes a routed vpn). Or you could put it on a different server entirely.

However, I would do no such thing. I would want to use an entirely different access scheme for website admin, using a user login to perhaps an ssl protected webpage, or if I were really concerned, HTTP authentication. I would not want my web admins, who likely enjoy the ease with which they can manipulate their web pages, to be allowed on the VPN, and wouldn't want to set it up on their computers or worry about them getting viruses and the like.

It's hard for a virus to transmit in a meaningful fashion over FTP and access to webpages, but trojans on a VPN client give the trojan controller the same access to the VPN -- and a copy of the client's certificates. I am not quick to pass out trusted certs for my vpn.

In short, better uses of the VPN in this case would probably be remote access to the corp. network from your laptop and secure access to remote print servers from whatever the number of hosts.

> - Grant

--
gentoo-user@lists.gentoo.org mailing list