[geeks] Anyone need some computing time or shell?
David Cantrell
geeks at sunhelp.org
Sat Mar 17 06:25:34 CST 2001
> Interesting idea, and I can see it working for some protocols, but there is
> the asymmetric routing issue for VPN sessions. You would have to state
> synchronize the IPSEC gateways, and use some kind of stateful session
> management. Similar to say Checkpoint FW-1's high availability gateways
> function.
>
> Also it probably wouldn't work too well for encrypted protocols. They really
> want to have the same source as destination. Of course it could all be
> implemented with dynamic routing, stateful inspection and session
> management, and transparent static NAT.
Yeah, that's pretty much what I was thinking. It'll be a lot of work to
get it working, but the benefits would be huge - specially with the snooping
powers some governments seem hell-bent on giving themselves :-(
> Fun stuff what ;-) Sometimes I love my job. I had to deal with an issue
> similar to this in designing a highly available 150 node (300 gateway) VPN
> mesh for a set of 1918 addressed backends.
I wasn't thinking *quite* that big! Maybe five or six gateways initially.
-- 
David Cantrell | root at alphacomplex.org | http://www.cantrell.org.uk/david/
This is a signature. There are many like it but this one is mine.
** I read encrypted mail first, so encrypt if your message is important **