> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Dhaval Thakar
> Sent: Sunday, December 21, 2008 2:49 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] regarding vpn server for 1500 clients
>
> > Dhaval Thakar wrote:
> >>> If you could use a lower CPU intensive crypt like blowfish, it would be
> >>> easier.
> >>>
> >>> Are all these trading partners in different locations or are there semi
> >>> large groups in the same locations?
> >>>
> >> all these are end users.
> >> they connect software from home / offices.
> >
> > Do they actually need a generic VPN? If they only run a few
> > applications you might be able to use https or similar ssl based
> > connections and avoid the routing/addressing/MTU issues. You can still
> > use certificate based authentication in one or both directions if you
> > want.
> >
> > Also if the application(s) can be made to run over normal https (i.e. a
> > web interface) you get the advantage of working through most existing
> > proxies and firewalls, plus on the host end you have the option of
> > scaling up with a load balancer that handles the ssl processing and
> > reverse-proxies to a pool of backend servers.
> they need database access.
> I prefer providing database over vpn rather than providing via internet on
> different tcp port.

----------

Without using a VPN, you can do this. For example, if you use M$ SQL Server, set "Force Protocol Encryption" and generate the ssl certificate. I have no prior experience with MySQL, so if someone can comment on being able to do the same with it, go right ahead. The application that is connecting to it also has to support SSL. Like you said in this post, you would rather do this by VPN; well, it would come out way cheaper this way. Also, it still doesn't matter: connecting over a VPN is still going over the internet NO matter how you look at it.

What you are failing to see is that there are more ways to do this sort of thing and save a heck of a lot of cash in doing so, and it will be just as secure. You really have a simple project at hand. You asked my vpn experience? The local telephone office where I live. ATM/FR with pptp, ppp and l2tp terminating connections there, then routing them to another provider. Also backhauling connections from the local office to the main fiber distribution point. All isdn, dsl, and fiber are backhauled from 18 miles away to the main office. We still use PSTN and POTS in a few areas and we are 10 years behind in networking technology. Just got E911 finished. Instead of leasing a line, maybe check into Dark Fiber for the area you live in (fiber cable laid down but not in use). ATM/FR may be getting old but the connections can be really consistent with a good Service Level Agreement between you and your network provider. You have also had other really good ideas about doing this.

JohnStanley
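An added example, not from the thread: the reply's point is that the database protocol itself can be encrypted, but the client side has to ask for encryption and verify the server certificate. This small checker classifies a SQL Server ODBC-style connection string by those two settings; it assumes the Microsoft driver keywords `Encrypt` and `TrustServerCertificate`, and the sample strings are constructed.

```python
# Added example (not from the mailing-list post). Parses an ODBC-style
# connection string and reports whether the client will (a) request
# encryption and (b) validate the server's certificate. Keyword names follow
# the Microsoft ODBC/OLE DB drivers for SQL Server; an absent Encrypt keyword
# is treated conservatively as "not requested" (assumption: older drivers
# defaulted to no).

def parse_connection_string(conn_str: str) -> dict:
    """Split 'Key=Value;Key=Value' into a dict with lower-cased, stripped keys."""
    settings = {}
    for part in conn_str.split(";"):
        if "=" not in part:
            continue  # skip empty fragments such as a trailing ';'
        key, _, value = part.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings

def _is_true(value: str) -> bool:
    # 'mandatory' / 'strict' are the newer Encrypt values; 'optional' is not.
    return value.lower() in ("yes", "true", "1", "mandatory", "strict")

def encryption_posture(conn_str: str) -> str:
    """Classify what the client will do on the wire.

    Returns one of:
      'cleartext'  - no encryption requested by the client
      'unverified' - encrypted, but the server certificate is not checked,
                     so the client cannot tell a spoofed server from the real one
      'verified'   - encrypted and the certificate chain is validated
    """
    s = parse_connection_string(conn_str)
    if not _is_true(s.get("encrypt", "no")):
        return "cleartext"
    if _is_true(s.get("trustservercertificate", "no")):
        return "unverified"
    return "verified"

# Constructed sample strings: the weak settings beside the corrected one.
WEAK = "Server=db.example.internal;Database=trading;Uid=app;Pwd=PLACEHOLDER;Encrypt=no;"
UNVERIFIED = "Server=db.example.internal;Database=trading;Encrypt=yes;TrustServerCertificate=yes;"
HARDENED = "Server=db.example.internal;Database=trading;Encrypt=yes;TrustServerCertificate=no;"

if __name__ == "__main__":
    for label, cs in (("weak", WEAK), ("unverified", UNVERIFIED), ("hardened", HARDENED)):
        print(f"{label:10s} -> {encryption_posture(cs)}")
```

Server-side "Force Protocol Encryption" makes the server insist on TLS; the `verified` case is the one where the client also refuses a certificate it cannot validate.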