Arno Lehmann wrote:
Hmm. A good manual section about VPN setup could solve these problems :-)Seriously, using a VPN to backup data would be one good option as long as transport encryption is not fully implemented. Once transport encryption is stable, things look different... One possible solution might be a bacula proxy to run on the firewall... or simply port forwarding through the firewall (or NAT device)... but, of course, that doesn't do everything the client initiated backup does: the schedules would remain a DIR thingie (just right in my opinion ;-)
Transport encryption is fully implemented in the UNIX daemons, and is very stable. I've been using it for our office backups for about four months now.
Win32 support for transport encryption requires a small amount of code to implement entropy gathering using Microsoft's Crypto API. I'm the blocking factor there -- building the win32 file daemon is complicated, and while I can run Windows via kqemu, I don't have a copy of MS Visual Studio.
Additionally, the GUI consoles/tray monitor do not support transport encryption. This is just a matter of copying the relevant code from bconsole. This would be an excellent small project for an aspiring developer -- otherwise, I've acquired a FreeBSD workstation and will get around to adding support.
-landonf
signature.asc
Description: OpenPGP digital signature
