[tech] marblefish
Grahame Bowland
grahame at angrygoats.net
Mon Feb 27 22:07:01 WST 2006
On 26/2/06 10:20 PM, "James Andrewartha" <trs80 at ucc.gu.uwa.edu.au> wrote:
> On Sun, 26 Feb 2006, David Adam wrote:
>> If not, I strongly suggest we don't let [JCF] set up another of his
>> crackrock SSH-based VPNs (you're killing kittens, James), but perhaps some
>> sort of encrypted link is a good idea. Otherwise we can do it the easy way
>> by NATing (say) port 10025 to mooneye:25.
>
> I was thinking IPSec or OpenVPN, I'm not sure whether terminating on
> madako or mooneye is the best plan (probably mooneye).
If 2.6 is generally flakey on Alpha, can we just run 2.4? I don't trust some
magic SMP fix warm and smoking off the debian-alpha list to actually -work-,
and the machine is going to be annoyingly hard to poke if it stops booting
or decides to corrupt its filesystems.
For the link, why not just use SSL-encrypted SMTP, running on the standard
secure SMTP port? It's really easy to get postfix to permit relaying based
on the SSL cert that the client has got. That's really all you need, and it
won't rely on some tunnel being up all the time.
More information about the tech
mailing list