Anders Johansson wrote:
On Monday 24 December 2007 02:40:58 Aaron Kulkis wrote:
Hans Witvliet wrote:
On Sun, 2007-12-23 at 23:10 +0100, Anders Johansson wrote:
On Sunday 23 December 2007 22:43:24 Hans Witvliet wrote:
If you are not in control of your network, use openswan or strongswan
for vpn, and put nfs-v3 over it. We have been using it in a test for
connecting several locations. Works ok.
huh? You're connecting each client to the server using vpn on the *local
LAN*?
That doesn't sound like a very good configuration
nfs4 + kerberos gives authentication and encryption and requires very
little in the way of configuration. No offense, but VPN on a local LAN
is just silly
Well, at my work they're rather paranoid.
For some, we have to tunnel internet through the corporate network,
For others, we tunnel our corporate network with voip over public
networks.
Indeed, sounds odd, it is odd, but true.
That's standard practice in up-to-date IT departments.
VPN from the client to the server when both are inside the corporate network?
No, that is very much not standard practice. VPN is normally used to reach
the corporate network from outside - I have never seen, or even heard about,
a setup where it's used inside
Some militaries uses VPN's within their networks.
Each time you cross into a VPN boundary, you're
going to a higher or lower level of classification
Example:
| <============== VPN 1 UNCLASSIFIED ===============>|
| |
| | <======= VPN 2 SECRET =========>| |
| | | |
| | |<= VPN 3-TOP SECRET =>| | |
Anders
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
