> > I'm hoping to use the vpn in three few ways:
> >
> > 1. imap and smtp between my laptop and the mail server
> > 2. ssh from my laptop to the remote server
> > 3. cups printing from the remote server to the print server
>
> I don't think you need a VPN to SSH from your laptop to the remote
> server -- SSH is already encrypted.

For sure, but it seems like running SSH inside a VPN is better for security than running SSH on a non-standard port or even port knocking. If I need to set up a VPN for printing, shouldn't I use it for other stuff too? Maybe not, I have yet to actually use a VPN so please correct me if I'm wrong.

> If your laptop is always behind your local firewall, then it should be
> sufficient to have an OpenVPN tunnel established between your local
> firewall/print server and your remote server. This should allow you to
> print.
>
> Configuring the routes on your laptop to go through your local
> firewall and VPN to the remote server should allow you to grab your
> mail.
>
> If you move around with your laptop then you'll need to establish the
> VPN tunnel to your remote server anytime you need to grab your mail
> from anywhere else but home (behind your local firewall).

Ah, tunnels, OK. I need to think in terms of tunnels. I'll definitely be moving around and won't be behind my local firewall too much of the time.

Can I set up the openvpn server on my remote system and keep a tunnel open between it and the firewall/print server for printing, and also initiate a tunnel between the laptop and the remote system whenever I need to mail or SSH? Does that sound like a good plan?

- Grant

> > IMHO you should always go with routed first, then bridged if you need
> > it.
> >
> > Ask yourself this question: do you really need ethernet traffic to go
> > through the vpn? There are cases where it could be useful, but I'm hard
> > pressed to find a general case.
> >
> > With a routed vpn, you work with IP addresses, just like you do on the
> > internet.
>
> As Alan said, try going with routed first.
>
> Also, think about whether you really need this. As mentioned above,
> SSH doesn't need to be tunneled over a VPN. IMAP and SMTP can be
> encrypted too. That leaves printing, for which you could use VPN.
>
> Have fun!
> Mike

-- 
gentoo-user@lists.gentoo.org mailing list
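
The layout discussed in this thread (a routed OpenVPN server on the remote system, a persistent tunnel from the firewall/print server, and an on-demand tunnel from the laptop), sketched as an added example that is not from any poster in the thread. The hostname, the 10.8.0.0/24 range, the certificate file names and the client common names `printgw` and `laptop` are all assumptions.

```conf
# ---- remote server: /etc/openvpn/server.conf (path assumed) ----
port 1194
proto udp
dev tun                      # routed (layer 3) tunnel, not bridged "tap"
topology subnet
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
client-config-dir ccd        # per-client settings keyed by certificate CN
keepalive 10 120             # ping every 10 s, restart after 120 s of silence
persist-key
persist-tun
# No "client-to-client": the laptop and the print server only need to
# reach the remote server, not each other.
# No 'push "redirect-gateway"': only traffic for 10.8.0.0/24 uses the VPN.

# ---- remote server: ccd/printgw ----
# Fixed VPN address so CUPS on the remote server can always print to
# 10.8.0.2 port 631 (address assumed).
ifconfig-push 10.8.0.2 255.255.255.0

# ---- firewall/print server: client.conf, started at boot ----
client
dev tun
proto udp
remote vpn.example.org 1194  # placeholder hostname
resolv-retry infinite        # keep retrying so the tunnel stays up
nobind
persist-key
persist-tun
remote-cert-tls server       # reject peers without a server certificate
ca ca.crt
cert printgw.crt
key printgw.key

# ---- laptop: same client.conf, but with its own certificate and
# ---- started by hand only when mail or SSH access is needed
cert laptop.crt
key laptop.key
```

With this split, binding the mail and SSH daemons on the remote server to its VPN address (10.8.0.1 here) instead of the public interface is what actually removes them from the internet-facing surface; the tunnel alone does not.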