Re: pptp vpn

From: adam bultman <adamb@glaven.org>
Date: Thu Oct 12 2006 - 22:24:16 AKDT

rspickles@computers4all.org wrote:

>First - VPN is between routers as a rule.
>
<snip>

>(We haven't even got to the security hole having your
>server directly connected to their network represents remember they are
>using Windows Servers).
>
>

I think there's "Road Warrior" VPN connections you can make with
clients. I don't know how difficult it is to set up, however. I do
know that it's best if you have a static IP on the server end of things
for VPNs. I don't know how hard it is to make a solid VPN connection
with a server with a dynamic IP (with OpenSWAN at my last job, any time
either of the servers changed IPs, it required intervention - that being
said, there werent' any road warrior setups.)

>Now for a better solution -- Set up your server as a FTP server
>
<snip>

One better: SSH. FTP is plaintext (and deprecated amongst Linux users)
by default, and you'll need to tweak (maybe, depending on your distro)
to do TLS encryption. SSH is encrypted by default, and programs like
WinSCP make it a breeze.
Although it's a bit of 'security through obscurity', you can also dodge
some of the more unintelligent attacks by running on an off-port.

Also, you can SSH into your home box and have complete control of your
machine from afar. This is what I do.

>
>One more note here -- Unless you are paying extra for a "Fixed IP
>address for your home router - your ISP may at sometime in the future
>change your IP address without notice.
>
>
>
I use dyndns.org to manage my dynamic IP address. TTLs are super low so
that when my router reboots, connections to ak.glaven.org (which is a
CNAME to something else) come up within a few minutes. And, some
routers (My WRT54G does, anyway) have built-in dyndns clients for a
number of services that will update things immediately upon getting a
new IP. Failing that there are a number of linux programs that will do
dyndns for you (all you need to do is cron it.) (If you really want to
hack it, log into an IRC channel on a public IRC server, and log in to
IRC from elsewhere - then just note the IP of your user 'at home' and
log into that IP. I've done this when dyndns is messed up and I can't
find my home IP. I'm usually logged in and use irssi inside screen to
squat on IRC channels.)

Ahoy!
Received on Thu Oct 12 22:24:56 2006
