On Wed, Nov 14, 2012 at 10:23:30AM -0800, Marc Chamberlin wrote:
[ 8< ]
> I am in the process of grokking VPN (openVPN) and believe it may be the right answer. But it is a complicated solution and not one that I will be able to easily explain to others on how to set up. I think I have it set up and working for my own laptop, but it is not easy to test unless I am outside of my own internal network, so progress is slow....
Yes. This isn't easy. In particular if you have to get remote systems added to your VPN setup without being in person at the remote location/ on site. :/
> I took a brief look at shorewall, but so far have avoided using it as I would like to stay within the supported utilities provided by openSuSE. Perhaps you can explain what is the difference between using shorewall and SuSEFirewall2? I have long been using SuSEFirewall2 to configure my firewall, (which I believe in turn configures iptables underneath the covers) and yes it does have its warts and bugs
Please as soon as you speak about bugs always include the issue ID which is used to track the issue. If there is no bug filed there is no issue. ;)
> but at least I know what to avoid, for the most part (such as using YaST2->Security and Users->Firewall to configure it!).... Not sure I want to learn another tool unless there is a real advantage to doing so... Is there insofar as openVPN is concerned?
YaST offers a ca-management module which offers anything you need to establish and maintain your own and private Certification Authority.

Next you might check the quality of the openvpn howto. Cf. http://openvpn.net/index.php/open-source/documentation/howto.html

You might have to read the howto stuff first to get a better feeling what the YaST CA stuff offers. Or you need to switch between the documentation and the YaST module. But at the end you'll get what you need and the YaST CA stuff minimizes the general SSL pain a lot.

Cheers,

Lars
-- 
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team + SUSE Labs
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany