Predrag I’m new to the list but i’d thought chirp in.
What clients are people accessing your intranet with? I’ve been presented with a similar request & am currently testing mobile access via ssh & port forwarding utilizing a combination of keys & the match directive. Essentially SSH forwards port 80 after authenticating with a key. The server is also configured with a match directive to require key based authentication from all public IP’s. This approach seems to work however it may be difficult for some end users. In addition It also allows shell access. Ideally I’d prefer port forwarding only. Regards Patrick > On May 10, 2015, at 10:25 AM, Predrag Punosevac <punoseva...@gmail.com> wrote: > > Hi Misc, > > I am trying to implement Internet in my Lab. The purpose of the Internet > is to prevent unauthorized users from viewing parts of our Wiki pages. > Our Wiki pages don't really contain anything supper sensitive or > critical. BTW our Wiki/Portal has built in authentication but it doesn't > look too secure to me. I am soliciting opinions about best/simplest ways > how to do that. > > About two months ago I implemented secure access to a web application to > one of our customers using L2TP/IPSec with npppd. It works like a charm. > It seems to me that one way to implement Intranet (actually quite secure > way) would be to require L2PT/IPSec connection for view pages. The only > drawback I see is a little overhead required by encryption for viewing > few stupid Wiki pages. On the another hand entire traffic is > encapsulated and secure from prying eyes. > > The second idea I have is to use Authpf to create Authenticating > Gateway. I have never implemented Authpf in the past but it looks rather > straightforward. I see that lots of people are using it to protect WiFi > hot spots. Can it be used to protect unauthorized access to a web > server? I am assuming that the major drawback is that the traffic will > not be encrypted and can be eavesdropped. Yes I could then use something > like https to encrypt the traffic. > > I would appreciate any comments, suggestions, and ideas. I would > appreciate even more if people share their experience in implementing > Intranet on their networks. > > Most Kind Regards, > Predrag Punosevac
