Op 11 feb. 2014 13:17 schreef "Ismael Bouya" <ismael.bo...@normalesup.org> het volgende: > > (Tue, Feb 11, 2014 at 12:56:39PM +0100) Florian Pritz : > > On 11.02.2014 11:42, Ismael Bouya wrote: > > > It's highly unpractical to me to access the machine from where I am -- > > > even remotely: I need someone to manually open a tunnel each time I want > > > to access the machine -- > > > > Set up an automatic tunnel [...] > That's not an option. The network on which the machine is is willingly > inaccessible from outside: The sysadmin there has the principle that "a > machine that works shouldn't be upgraded, because then it can > break"... (The machine which has Archlinux is an exception and he's not > aware of its existence) It's one thing to ask someone to manually create a > tunnel so that I can access the machine once in a while. It's another one > to bypass the sysadmin politics and risk problems if anything happens.
How about establishing regular maintenance intervals? This way, the VPN could be active on these times for you to use and be disabled the rest of the time. Depending on the setup, this could be easily automated. If i understand the admin correctly, he'll be happy with the fixed timing (easier to plan for). This kind of appointment could even work for situations where the Arch-box initiates the connection. Since the admins know about in advance (and agreed to), they won't just block it. mvg, Guus
