| 1 |
On Thu, 21 Jan 2016 17:18:27 -0800, Grant wrote: |
| 2 |
|
| 3 |
> > There is ZeroTier as a replacement for OpenVPN, and Syncthing for |
| 4 |
> > syncing. Both are P2P solutions and you can run your own discovery |
| 5 |
> > servers if you don't want any traffic going through a 3rd party |
| 6 |
> > (although they don't send data through the servers). |
| 7 |
> > |
| 8 |
> > I've no idea whether that would meet your security criteria but it |
| 9 |
> > certainly fulfils the "easier than OpenVPN" one. It will take only a |
| 10 |
> > few minutes to install and setup using the public servers, although, |
| 11 |
> > as I said, your network is never public, so you can check whether |
| 12 |
> > they do what you want. Then you can look at hosting your own server |
| 13 |
> > for security. |
| 14 |
> > |
| 15 |
> > https://www.zerotier.com/ |
| 16 |
> > https://syncthing.net/ |
| 17 |
|
| 18 |
> Zerotier looks especially interesting. Can I have machine A listen for |
| 19 |
> Zerotier connections, have machine B connect to machine A via Zerotier, |
| 20 |
> have machine C connect to machine A via Zerotier, and rsync push from B |
| 21 |
> to C? |
| 22 |
|
| 23 |
You set up a network and the machines all connect to that network, so A, |
| 24 |
B and C can all talk to each other. |
| 25 |
|
| 26 |
> Does connecting two machines via Zerotier involve any security |
| 27 |
> considerations besides those involved when connecting those machines to |
| 28 |
> the internet? In other words, is it a simple network connection or are |
| 29 |
> other privelages involved with that connection? |
| 30 |
|
| 31 |
Connections are encrypted, handled by the ZeroTier protocols, but |
| 32 |
otherwise it behaves like a normal network connection. |
| 33 |
|
| 34 |
> Can I somehow require the Zerotier connection between machines A and C |
| 35 |
> in order for C to pass HTTP basic authentication on my web server which |
| 36 |
> resides elsewhere? Maybe I can route all traffic from machine C to my |
| 37 |
> web server through C's Zerotier connection to A and lock down basic |
| 38 |
> authentication on my web server to machine A? |
| 39 |
|
| 40 |
Your ZeroTier connections are on a separate network, you pick an address |
| 41 |
block when you set up the network but that network is only accessible to |
| 42 |
other machines connected to your ZeroTier network. You can have ZT |
| 43 |
allocate addresses within that block, it's not dynamic addressing because |
| 44 |
one a client is given an address, it always gets the same address, or you |
| 45 |
can specify the address for each client. So you can include an address |
| 46 |
requirement in your .htaccess to ensure connections are only allowed from |
| 47 |
your ZT network. |
| 48 |
|
| 49 |
|
| 50 |
-- |
| 51 |
Neil Bothwick |
| 52 |
|
| 53 |
furbling, v.: |
| 54 |
Having to wander through a maze of ropes at an airport or bank |
| 55 |
even when you are the only person in line. |
| 56 |
-- Rich Hall, "Sniglets" |
Archives