On Fri, Oct 06, 2006 at 07:36:55AM -0500, [EMAIL PROTECTED] wrote:
> Greetings All,
>
> Although TLS is a good protocol from what I have read, establishing a VPN
> allows the client side to easily tunnel over firewalls and seems to be a
> more secure method in that the vpn will be using certificates to establish
> the links which is better than open passwords from my basic initial
> reading.

When I said that bacula uses the same libraries that OpenVPN does, I meant
*exactly* the same. OpenVPN uses the same openssl libraries and TLS
certificate code for authentication and key exchange. If you're using the
TLS code in bacula, the passwords you've read about don't even come into
play until after TLS authentication has successfully completed and the
tunnel is encrypted.

> We will have only a very few open ports to the Bacula cluster and it
> appeared to me that having the client side initiate an OpenVPN connection
> to the main director server, perform the encrypted backup, and disconnect
> until the next scheduled backup is an optimal method although I may be
> wrong.

The problem is that with OpenVPN, you want to have lots of clients
connecting to a single server. With bacula, you have a single server
connecting to lots of clients. This means that the server wouldn't be able
to initiate a backup job unless the client had chosen to bring up the
tunnel first. I'm not even sure how well it would work to have a single
OpenVPN client on the director server simultaneously connecting to multiple
OpenVPN servers on the bacula clients.

I'd bet that if you try to shoehorn a VPN based solution around bacula,
you'll end up with a lot more headaches, but not much more security.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Network Engineer          |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users