Re: [Vserver] VServers each with their own Cisco VPN-s - is that possible?

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Thu 21 Sep 2006 - 00:50:20 BST
Message-ID: <20060920235020.GB26786@MAIL.13thfloor.at>

On Wed, Sep 20, 2006 at 02:17:46PM +0200, Peter Valdemar Mørch wrote:
> Hi,
>
> We have 5 destinations, to which we need to establish VPNs using
> Cisco's VPN client. We want to ensure that none of these networks can
> see each other, and that even if someone were to gain root access to
> one virtual machine, that would not enable them to access the other
> networks.
>
> Right now we're running 5 VMWare virtual machines and then running
> Cisco vpnclients in each of them. But that creates a heavy load and
> doesn't scale.
>
> Can this be done with VServer instead?
>
> The FAQ says it can be done with OpenVPN, but I believe that OpenVPN
> is entirely userspace, whereas Cisco's VPN runs something in the
> kernel (I believe).

> Would this be possible and safe with VServer?

hard to answer, without knowing _what_ 'something in the
kernel' actually means ... do you have the source for
that something? what except tun does it use?

i.e. needs more investigation on your side first, but
probably the best way would be to try ...

Linux-VServer does not do network virtualization yet
it uses network isolation instead. nevertheless, this
is sufficient for some VPN setups as you figured ...

HTH,
Herbert

> Peter
> --
> Peter Valdemar Mørch
> http://www.morch.com
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Thu Sep 21 01:12:24 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 21 Sep 2006 - 01:12:33 BST by hypermail 2.1.8