Well, for one, you need some way of maintaining a per-workstation key securely on the workstation. This can be done via some sort of onboard storage (that hopefully cannot be compromised that easily), etc. A lot of these issues have been discussed on this list before.
Joey Officer wrote: >In reference to setting up a ipsec tunnel between the workstation, and the >server, what are some of the particulars for this? I would assume that >something like this would be useful on an untrusted network, but assuming >the linux server is on your local net, what is the benefit of something like >this? > >And also, what would I search for if I wanted to set something like this up? > >Joey > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Jason A. >Pattie >Sent: Tuesday, July 02, 2002 10:42 AM >To: Maria Backlund >Cc: [EMAIL PROTECTED] >Subject: Re: [Ltsp-discuss] LTSP combined with FreeS/Wan? > >As a company, we setup and maintain Linux FreeS/WAN VPN solutions. I >don't see a need for setting up VPN tunnels on the LTSP application >server, unless you are wanting to secure and encrypt all traffic being >sent to and from the LTSP workstations. We have had a fairly thorough >discussion on this list concerning some of the details about how to go >about setting the workstations up for this kind of scenario. > >If on the other hand, you want to allow VPN connections to your internal >network from the outside, i.e., the Internet, then you will most likely >want to setup FreeS/WAN on your firewall that is connected directly to >the Internet or to a dedicated security gateway box in a DMZ or the >internal network that all IKE, AH, and ESP traffic are redirected to by >the firewall. > >Maria Backlund wrote: > > > >>We've made a small network consisting of a linux terminal server and >>several clients. We're using Red Hat 7.2. Now we would like to implement >>VPN by using FreeS/Wan. Do we need to recompile the LTSP-kernel to >>adjust it to FreeS/Wan or is there an easier way? If someone has done a >>similar project we would appreciate your support. >> >> >>------------------------------------------------------- >>This sf.net email is sponsored by:ThinkGeek >>Welcome to geek heaven. >>http://thinkgeek.com/sf >>_____________________________________________________________________ >>Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: >> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss >>For additional LTSP help, try #ltsp channel on irc.openprojects.net >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> > >-- >Jason A. Pattie >[EMAIL PROTECTED] > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > > >------------------------------------------------------- >This sf.net email is sponsored by:ThinkGeek >Welcome to geek heaven. >http://thinkgeek.com/sf >_____________________________________________________________________ >Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss >For additional LTSP help, try #ltsp channel on irc.openprojects.net > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > -- Jason A. Pattie [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek No, I will not fix your computer. http://thinkgeek.com/sf _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net