[CentOS] regarding vpn server for 1500 clients

John jses27 at gmail.com
Sun Dec 21 09:10:50 UTC 2008


> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Dhaval Thakar
> Sent: Sunday, December 21, 2008 2:49 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] regarding vpn server for 1500 clients
> 
> 
> 
> 
> 
> > Dhaval Thakar wrote:
> >>> If you could use a lower CPU intensive crypt like 
> blowfish, it would be
> >>> easier.
> >>>
> >>> Are all these trading partners in different locations or 
> are there semi
> >>> large
> >>> groups in the same locations?
> >>>
> >> all these are end users.
> >> they connect software from home / offices.
> >
> > Do they actually need a generic VPN?  If they only run a few
> > applications you might be able to use https or similar ssl based
> > connections and avoid the routing/addressing/MTU issues.  
> You can still
> > use certificate based authentication in one or both 
> directions if you
> > want.
> >
> > Also if the application(s) can be made to run over normal 
> https (i.e. a
> > web interface) you get the advantage of working though most existing
> > proxies and firewalls, plus on the host end you have the option of
> > scaling up with a load balancer that handles the ssl processing and
> > reverse-proxies to a pool of backend servers.

> they need database access.
> I prefre providing database over vpn rather providing via internet on
> different tcp port.
----------
Without using a VPN, you can do this. Example if you use M$ SQL Server set
"Force Protocol Encryption" and generate the ssl certificate. I have no
prior experience with MySQL, so if someone can comment on being able to do
the same with it go right ahead. The application also that is connecting to
it has to support SSL also.

Like you said in this post you would rather do this by VPN, well you would
come way cheaper this way. Also still it doesn't matter connecting over a
VPN is still going over the internet NO Matter how you look at it. What you
are lacking to see is that there is more ways to do this sort of thing and
save a heck of a lot of cash in doing so and will be just as secure. You
really have a simple Project at hand.

You asked my vpn experience? The local telephone office where I live at.
ATM/FR with pptp ppp and l2tp terminating connections there then routing
them to another provider. Also Backhauling connections from the local office
to the main fiber distribution point. All isdn, dsl, and fiber are
backhauled from 18 miles away to the main office. We still use PSTN and POTS
in a few areas and we are 10 years behind in networking technology. Just got
E911 finished.

Instead of leasing a line maybe check into Dark Fiber for the area you live
in (fiber cable laid down but not in use). ATM/FR maybe getting old but the
connections can be really consistent with a good Service Level Aggreement
between you and your network provider. You have also had other really good
ideas also about doing this.

JohnStanley



More information about the CentOS mailing list