[geeks] Anyone need some computing time or shell?

[Christopher Byrne]

David,

Interesting idea, and I can see it working for some protocols, but there is
the assymetric routing issue for VPN sessions. You would have to state
synchronize the IPSEC gateways, and use seom kind of stateful session
management. Similar to say Checkpoint FW-1's high availability gateways
function.

Also it probably wouldnt work too well for encrypted protocols. They really
want to have the same source as destination. Of course it could all be
implemented with dynamic routing, stateful inspectiona and session
management, and transparent static NAT.

Fun stuff what ;-) Sometimes I love my job. I had to deal with an issu
similar to this in designing a highly available 150 node (300 gateway) VPN
mesh for a set of 1918 addressed backends.

Chris Byrne

-----Original Message-----
From: geeks-admin at sunhelp.org [mailto:geeks-admin at sunhelp.org]On Behalf
Of David Cantrell
Sent: Friday, March 16, 2001 03:22
To: geeks at sunhelp.org
Subject: Re: [geeks] Anyone need some computing time or shell?


On Thu, Mar 15, 2001 at 03:48:06PM -0800, Christopher Byrne wrote:

> I just finished the major project I was doing with my U10, and now it's
> sitting around idle. ANyone need some CPU time on an Sol8 machine, or a
> shell account? It's on an always on 1.5meg synchronus internet connection
> with a static IP address

Well, I have a leetle project I'd like to work on involving a small network
of ipsec gateways set up such that outgoing traffic from workstations hidden
behind them will appear to pop out of random nodes on the net.  However,
my Solaris knowledge is rather limited so it probably wouldn't be a good
idea.

And yes, UK people, this *is* to do with RIP.

--
David Cantrell | root at alphacomplex.org | http://www.cantrell.org.uk/david/

    This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **