-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Donnerstag, 20. Januar 2005 13:22 schrieb Mischa: > Hi > > We are starting to integrate an LTSP environment in a company. I've already > installed an LTSP-Server(4.1) for testing with debian without any Problems. > Thanks for the good documentation! > > Now to my question: > Is it possible to encrypt the traffic of X11 (vpn/ssh tunnel/etc.)?
In principle you can tunnel any X11 traffic with ipsec, pptp, whatever you like. This could come in handy in a situation where, between a client side and a server side there is an untrusted link, say, over the internet. In that case you could setup any regular VPN and just tunnel the X11 traffic through. You probably need a DHCP server on the client side though as DHCP usually is not tunneled through VPNs. For saving traffic costs on the link you'd also want to run a TFTP server on the client side, and if you can, also a NFS server. This could result in the processing power machine doing X apps only while NFS, TFTP and DHCP come from another machine, which is perfectly possible with LTSP and should be easy to do according to the manuals. This does not address the IPSEC part though, which for me personally will prove more difficult. You could use some machine (non-LTSP) as ipsec gateway, which is connected to one or more slaves and handles the other client-side services as well. Running IPSEC right from the terminals is not standard right now and probably needs larger manipulations in the initial ramdisk. Once there's a kernel 2.6 ramdisk (with in-kernel ipsec support), this will not be as difficult anymore as it would be right now. However, it's not there as a package quite now. So running the client-side gateway probably is what you want. > I've > tried to tunnel it with ssh but this doesn't work (i think because xdmcp > uses tcp and udp ports). You cannot use SSH for the UDP usage of XDMCP. You could perfectly well ssh from the terminal to the computing power machine with ssh -X 192.168.0.1 and then run the apps through the ssh tunnel, but that does not work with a login screen as that needs XDMCP. > Another way is to integrate any software that > tunnels tcp and udp. Is there any package available that would fit my > needs? Google for IPSEC. You probably want, by now, the kernel-2.6 internal ipsec mechanism, which seems to be fairly easy to setup for someone who knows his way through Linux networking. Perhaps your distribution already comes with lots of handy tools. Regards, Anselm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFB788lRGDyvz+XrnkRAva2AKDOR42i+6dQM6tLCensMOChORPRmQCgg/P3 +VMdioI4gEPKaJhT+6i7UWI= =h3OM -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net