Once upon a time, shawn wilson <ag4ve...@gmail.com> said: > So, kinda the same idea - just put IPMI on another network and use ssh > forwards to it. You can have multiple boxes connected in this fashion > but the point is to keep it simple and as secure as possible (and IPMI > security doesn't really count here :) ).
For basic IPMI, SSH forwards will work, but some of the web/Java based KVM-over-IP on IPMI BMCs tend to not work well with that. For IPMI things like power control and serial-over-LAN, I put the IPMI on a separate VLAN (most semi-recent BMCs can handle a VLAN tag) and then just use "ipmitool" on a Linux system connected to the same VLAN (no port-forwarding or VPN required). I only use a VPN-type setup when I need to use a KVM console. -- Chris Adams <c...@cmadams.net>
