Also consider tincd On 10 May 2015 at 04:51, Bonno Bloksma <b.blok...@tio.nl> wrote:
> Hello Peter > > > >> Petter Adsen wrote: > >> > Now the question becomes; AFAIK, I could do this with ssh tunnels > >> > and forward the ports on my router/firewall, or I could use > >> > something like openvpn or IPsec (strongswan). > >> > >> Yes. Exactly. > >> > >> Also 'stunnel4' is useful too. > > > > Thanks, I didn't know about that one. > > > > [....] > > > > Thank you for your insight, that was very informative. From what I > > gather from this, it might be just as well to go straight to openvpn. > > > > Let me explain. Already I need rsyslog, munin, and collectd. That would > > require three separate ssh/ssl tunnels. However, if I set up openvpn on > > the router I will just need the one tunnel, and I can set up remote > > access to my home network at the same time, with the same bits and > pieces. > > [...] > > > One thing I forgot to ask, though: how intensive is openvpn on resources, > > especially CPU and memory? I was initially thinking of setting it up on > the > > router, but I am a little worried that it might be too much for it to > handle. > > Would it be feasible/better to set it up on a more powerful machine on > the > > inside and forward the traffic? > > Lots of people set up open vpn on the router if the router is capable of > it. In your case the amount of traffic is definitely something a regular > router should be able to handle. The most cpu is used when openvpn > (re)negotiates a session key which is does by default every hour. > If you find out you need more power simply create a rule on your router to > forward udp 1194 to an inside machine and have openvpn running there. > > It is very easy to setup, for ssl keys there is a separate set of scripts > called easy-rsa that will let you create the keys with the proper settings > in no-time. > > If you want information more about openvpn use the openvpn users list ( > openvpn-us...@lists.sourceforge.net) > There is a commercial version too which has commercial support but you > want the community version which comes with Debian. > > Bonno Bloksma > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > https://lists.debian.org/89d1798a7351d040b4e74e0a043c69d7d72e1...@hglexch-01.tio.nl > >
