I think it is good practice to try to define a project before crashing in and starting work. That being the case, here are my thoughts. Please everyone make comment.
I can imagine this scenario: Teleworkers / Roadwarriors with dynamically assigned IPs connect to A Branch Office which in turn connects to: The Head Office. It is possible / likely that some of the Teleworkers / Roadwarriors will have non-SME IPSec equipment. It is possible / likely that the Head and/or Branch Offices will have non-SME IPSec equipment. So I think we should be driving FreeS/Wan for SME to have the following capabilities: These capabilities should be able to work together concurrently: It should be able to act as "server" for a set of local teleworkers It should be able to act as "client" for a "server" further up the food chain. It should be able to connect to _any_ IPSec compatible equipment. The above are "logical" connections and have nothing to do with the actualities of configuring FreeS/WAN (which as I understand has no concept of server / client) In the SME context though, I do have a question to do with browsing computers: If you are one of the Teleworkers connected to the Branch Office: Should you / could you browse the computers in the Head Office LAN? How does this fit in with WINS and or DNS. I suppose we must assume that most desktops will be Windoze Boxen. Remember, this is a document about what could be our end goal. There are many other possibilities, but I feel it is important to scope our project fairly early on, that way we will know when to stop. On top of the "back-end process" above, we need to think about how we make it easy for non-experts to configure SME to act in whichever way the end-user requires, together perhaps with some basic feedback to non-experts which will confirm that the connection is up and runnig smoothly. As always, comment welcome (don fireproof suit now) Hugh -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org