| 1 |
On Thu, Feb 9, 2012 at 10:48 PM, Pandu Poluan <pandu@××××××.info> wrote: |
| 2 |
> Scenario: I have a server in the cloud that needs to connect to an internal |
| 3 |
> server in the office. There are 2 incoming connections into my office, ISP |
| 4 |
> "A" and ISP "B". The primary connection is A, but if A goes down, we can use |
| 5 |
> B. The app running on the cloud server has no automatic failover ability |
| 6 |
> (i.e., if A goes down, someone must change the app's conf to point to B). |
| 7 |
> |
| 8 |
> My thought: If I can make a tunnel from the server to the FortiGate firewall |
| 9 |
> currently guarding the HQ, the cloud app can simply be configured to connect |
| 10 |
> to the internal IP address of the internal server. No need to manually |
| 11 |
> change the app's conf. |
| 12 |
> |
| 13 |
> The need: a VPN client that: |
| 14 |
> + can selectively send packets fulfilling a criteria (in this case, dest= IP |
| 15 |
> address of internal server)* |
| 16 |
> + has automatic failover and failback ability |
| 17 |
> |
| 18 |
> *solutions involving iptables and iproute2 are also acceptable |
| 19 |
> |
| 20 |
> Can anyone point me to the right direction re: what package and the relevant |
| 21 |
> howto? |
| 22 |
> |
| 23 |
> Thanks in advance. |
| 24 |
> |
| 25 |
> Rgds, |
| 26 |
|
| 27 |
Not exactly what you're looking for, but this might help: |
| 28 |
|
| 29 |
http://www.ntop.org/products/n2n/ |
| 30 |
|
| 31 |
That would set up reliable visibility on layer 2. You probably want to |
| 32 |
employ something like 802.1x on top of it. |
| 33 |
-- |
| 34 |
:wq |
Archives