![](https://seccdn.libravatar.org/avatar/4302315541574064a521c84aefd10a7f.jpg?s=120&d=mm&r=g)
Anders Johansson wrote:
On Monday 24 December 2007 02:40:58 Aaron Kulkis wrote:
Hans Witvliet wrote:
On Sun, 2007-12-23 at 23:10 +0100, Anders Johansson wrote:
On Sunday 23 December 2007 22:43:24 Hans Witvliet wrote:
If you are not in control of your network, use openswan or strongswan for vpn, and put nfs-v3 over it. We have been using it in a test for connecting several locations. Works ok. huh? You're connecting each client to the server using vpn on the *local LAN*?
That doesn't sound like a very good configuration
nfs4 + kerberos gives authentication and encryption and requires very little in the way of configuration. No offense, but VPN on a local LAN is just silly Well, at my work they're rather paranoid. For some, we have to tunnel internet through the corporate network, For others, we tunnel our corporate network with voip over public networks.
Indeed, sounds odd, it is odd, but true. That's standard practice in up-to-date IT departments.
VPN from the client to the server when both are inside the corporate network? No, that is very much not standard practice. VPN is normally used to reach the corporate network from outside - I have never seen, or even heard about, a setup where it's used inside
Some militaries uses VPN's within their networks. Each time you cross into a VPN boundary, you're going to a higher or lower level of classification Example: | <============== VPN 1 UNCLASSIFIED ===============>| | | | | <======= VPN 2 SECRET =========>| | | | | | | | |<= VPN 3-TOP SECRET =>| | |
Anders
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org