On Thu, Oct 05, 2006 at 10:14:17AM -0800, Joshua J. Kugler wrote:
> My first thought is "Access to the company's LAN, which the laptop (or other
> machine) would not have otherwise." In other words, there can't even be a
> connection for backup without starting up the VPN first.

Ah, like for roaming laptops?

First off, make sure that you understand which components initiate
communications to which other components. For example, the fd needs to accept
incoming connections from the director, but makes outgoing connections to the
sd.

The tricky bit that I can see right off is that since the initial connections
go from the director to the fd, you'd have to be running an openvpn server on
the laptop. While this would work, there'd be a few gotchas:

- the director would have to have rights to bring up the tunnel, which
  would probably mean running it as root or some sudo hackery
- you would have to look into how well the director would handle being
  an openvpn client connected to multiple servers
- unless your sd is on the same host as the director, you would have to
  make additional provisions for connections from the fd to the sd

Given that bacula uses exactly the same TLS libraries to authenticate and
encrypt its data that openvpn does, you're probably better off just allowing
bacula through the firewall.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users
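
The approach suggested in the last paragraph of the message above, as an added example that is not part of the original message and not Bacula's shipped configuration: a bacula-fd.conf fragment for a roaming laptop that requires TLS and verifies the director's certificate, so that the fd port can be allowed through the firewall. Resource names, the CN, the password and all file paths are assumptions; 9102 and 9103 are Bacula's default fd and sd ports, and Bacula must be built with TLS support.

```conf
# bacula-fd.conf on the laptop
# Added example: names, CN, password and paths are placeholders.
#
# Connection directions described in the message above:
#   director -> fd   inbound to the laptop, default port 9102
#   fd -> sd         outbound from the laptop, default port 9103
# The firewall therefore needs inbound 9102 from the director's address
# and outbound 9103 to the sd, and nothing else for Bacula.

Director {
  # Assumed director name; must match the director's own Name.
  Name = example-dir
  Password = "CHANGE-ME"
  TLS Enable = yes
  # Refuse any connection that does not negotiate TLS.
  TLS Require = yes
  # The director must present a certificate signed by the CA below,
  # and its CN must be on the allowed list.
  TLS Verify Peer = yes
  TLS Allowed CN = "director.example.com"
  TLS CA Certificate File = /etc/bacula/tls/ca.pem
  # Certificate and key the fd presents as the TLS server.
  TLS Certificate = /etc/bacula/tls/laptop-fd.pem
  TLS Key = /etc/bacula/tls/laptop-fd.key
}

FileDaemon {
  Name = laptop-fd
  FDport = 9102
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run
  # These settings apply when the fd connects out to the sd.
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/tls/ca.pem
  TLS Certificate = /etc/bacula/tls/laptop-fd.pem
  TLS Key = /etc/bacula/tls/laptop-fd.key
}
```

The director's Client resource for this laptop and the sd's configuration need matching TLS directives, otherwise `TLS Require = yes` on the fd rejects the connection.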