Forum: Cfengine Help
Subject: Re: managing mobile clients
Author: erik
Link to topic: https://cfengine.com/forum/read.php?3,18189,18243#msg-18243
also remember that cfengine works fine without access to the policy server, so
the cfengine 'clients' can manage their client-side VPN au
On Mon, Sep 13, 2010 at 8:13 AM, Max Arnold wrote:
> On Mon, Sep 13, 2010 at 05:07:17PM +0200, no-re...@cfengine.com wrote:
>> You could tunnel over VPN since you would control the end point IP.
>
> Managing client-side VPN configuration is one of the tasks I want to
> accomplish with Cfengine :)
Max, Cfengine version 3.1.0 is changing to a different key system based on a
hash of the
public key. This is specifically to better support mobile/dhcp hosts.
There is already support for dhcp is existing cfengine, but it will be simpler
in future.
M
Max Arnold wrote:
> Hello folks!
>
> Righ
Forum: Cfengine Help
Subject: Re: managing mobile clients
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,18189,18210#msg-18210
Hi Max,
Indeed this seems like more of a security policy question. Any remote client
that could be stolen probably should not have data
On Mon, Sep 13, 2010 at 07:32:55PM +0200, Eystein Måløy Stenberg wrote:
> First off, Cfengine 3.1.0 due for October will have new functionality
> for recognizing hosts. It uses the hash of the other party's public key
> rather than the IP/DNS-address. Thus a host will be recognised even when
> c
First off, Cfengine 3.1.0 due for October will have new functionality
for recognizing hosts. It uses the hash of the other party's public key
rather than the IP/DNS-address. Thus a host will be recognised even when
changing IP/DNS addresses.
Secondly, the well known key distribution/trust issue
On 9/13/10 7:49 AM, "Max Arnold" wrote:
> On Mon, Sep 13, 2010 at 05:58:51PM +0400, Seva Gluschenko wrote:
>> Well, from my point of view, you have to add policy server's public
>> key to ppkeys/ on clients and to accept on trust certain ranges of IP
>> addresses reserved for clients. This way cli
On Mon, Sep 13, 2010 at 05:07:17PM +0200, no-re...@cfengine.com wrote:
> You could tunnel over VPN since you would control the end point IP.
Managing client-side VPN configuration is one of the tasks I want to
accomplish with Cfengine :)
___
Help-cfengin
Forum: Cfengine Help
Subject: Re: managing mobile clients
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,18189,18195#msg-18195
You could tunnel over VPN since you would control the end point IP.
___
Help-cfengine mailing list
On Mon, Sep 13, 2010 at 04:35:54PM +0200, no-re...@cfengine.com wrote:
> http://www.cfengine.org/manuals/cf3-reference.html#dynamicaddresses-in-server
> might also help. The NAT aspect is definitely tricky.
What about indexing client public keys by their fingerprint? For
example, once key exchan
On Mon, Sep 13, 2010 at 05:58:51PM +0400, Seva Gluschenko wrote:
> Well, from my point of view, you have to add policy server's public
> key to ppkeys/ on clients and to accept on trust certain ranges of IP
> addresses reserved for clients. This way clients will trust the server
> according to the
Forum: Cfengine Help
Subject: Re: managing mobile clients
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,18189,18193#msg-18193
http://www.cfengine.org/manuals/cf3-reference.html#dynamicaddresses-in-server
might also help. The NAT aspect is definitely tricky
Well, from my point of view, you have to add policy server's public
key to ppkeys/ on clients and to accept on trust certain ranges of IP
addresses reserved for clients. This way clients will trust the server
according to the pre-loaded key, and server will trust clients. The
trick is, you'll need
13 matches
Mail list logo
