gif's

Chuck Swiger cswiger at mac.com
Tue Jan 11 17:59:49 PST 2005


Tom Skeren wrote:
> Been pulling my hair out.  Anybody know of a resource for a fairly 
> complex tunneling scheme.  My needs are such that a central hub "Star" 
> style tunneling scheme simply will not be efficient.

At some point, complex VPN configurations become more work to set up and 
maintain than switching to IPsec or increasing the # of publicly available 
services, hopefully switching to more secure protocols at the same time.

By the last I mean, many people want a VPN to do filesharing from home to 
work, or access email and such "securely" over the encrypted tunnel, but 
people tend to terminate VPN endpoints inside the network rather than in a 
semi-trusted perimeter zone, and the more VPN connections you add, the greater 
the exposure of various external networks to the inside and to each other.

Switching to HTTPS+WebDAV (e.g. Subversion) for a filesharing/publishing 
mechanism to replace direct CIFS/Samba access, or accessing mail via IMAPS 
rather than firing up Outlook against the company's MS-Exchange server over 
the VPN might actually result in a more secure configuration.

-- 
-Chuck


More information about the freebsd-net mailing list