> > I would
> > need to be able to rsync to the laptop and I'd rather not be involved
> > in the remote employee's router config. Is there an easier solution
> > for that than OpenVPN?
>
> There is ZeroTier as a replacement for OpenVPN, and Syncthing for
> syncing. Both are P2P solutions and you can run your own discovery
> servers if you don't want any traffic going through a 3rd party (although
> they don't send data through the servers).
>
> I've no idea whether that would meet your security criteria but it
> certainly fulfils the "easier than OpenVPN" one. It will take only a few
> minutes to install and set up using the public servers, although, as I
> said, your network is never public, so you can check whether they do what
> you want. Then you can look at hosting your own server for security.
>
> https://www.zerotier.com/
> https://syncthing.net/

ZeroTier looks especially interesting. Can I have machine A listen for ZeroTier connections, have machine B connect to machine A via ZeroTier, have machine C connect to machine A via ZeroTier, and rsync push from B to C?

Does connecting two machines via ZeroTier involve any security considerations besides those involved when connecting those machines to the internet? In other words, is it a simple network connection or are other privileges involved with that connection?

Can I somehow require the ZeroTier connection between machines A and C in order for C to pass HTTP basic authentication on my web server which resides elsewhere? Maybe I can route all traffic from machine C to my web server through C's ZeroTier connection to A and lock down basic authentication on my web server to machine A?

- Grant