On Thu, 21 Jan 2016 17:18:27 -0800, Grant wrote:

> > There is ZeroTier as a replacement for OpenVPN, and Syncthing for
> > syncing. Both are P2P solutions and you can run your own discovery
> > servers if you don't want any traffic going through a 3rd party
> > (although they don't send data through the servers).
> >
> > I've no idea whether that would meet your security criteria but it
> > certainly fulfils the "easier than OpenVPN" one. It will take only a
> > few minutes to install and set up using the public servers, although,
> > as I said, your network is never public, so you can check whether
> > they do what you want. Then you can look at hosting your own server
> > for security.
> >
> > https://www.zerotier.com/
> > https://syncthing.net/

> Zerotier looks especially interesting. Can I have machine A listen for
> Zerotier connections, have machine B connect to machine A via Zerotier,
> have machine C connect to machine A via Zerotier, and rsync push from B
> to C?

You set up a network and the machines all connect to that network, so A,
B and C can all talk to each other.

> Does connecting two machines via Zerotier involve any security
> considerations besides those involved when connecting those machines to
> the internet? In other words, is it a simple network connection or are
> other privileges involved with that connection?

Connections are encrypted, handled by the ZeroTier protocols, but
otherwise it behaves like a normal network connection.

> Can I somehow require the Zerotier connection between machines A and C
> in order for C to pass HTTP basic authentication on my web server which
> resides elsewhere? Maybe I can route all traffic from machine C to my
> web server through C's Zerotier connection to A and lock down basic
> authentication on my web server to machine A?

Your ZeroTier connections are on a separate network, you pick an address
block when you set up the network but that network is only accessible to
other machines connected to your ZeroTier network. You can have ZT
allocate addresses within that block, it's not dynamic addressing because
once a client is given an address, it always gets the same address, or you
can specify the address for each client. So you can include an address
requirement in your .htaccess to ensure connections are only allowed from
your ZT network.


-- 
Neil Bothwick

furbling, v.:
Having to wander through a maze of ropes at an airport or bank
even when you are the only person in line.
-- Rich Hall, "Sniglets"
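As an added illustration of the .htaccess approach suggested in the reply above (this is not from the original mail), here is an Apache 2.4 fragment that admits a request only when it both arrives from the ZeroTier address block and carries valid Basic-auth credentials, next to the common misconfiguration that accepts either condition alone. The block 10.147.17.0/24, the single-member address 10.147.17.5 and the password file path are placeholders; the source-address check only means anything if the web server is itself a member of the ZeroTier network, so that C's requests reach it over the ZT interface with a ZT source address.

```apache
# Added example, not from the original mail. Assumptions: the web server is
# joined to the same ZeroTier network, the network's managed address block
# is 10.147.17.0/24 (placeholder), credentials live in the htpasswd file
# /etc/apache2/ztusers (placeholder), and the directory has
# "AllowOverride AuthConfig" so these directives are honoured in .htaccess.

# Pitfall: bare Require lines that are not inside an authorization
# container are implicitly wrapped in <RequireAny>. This version lets any
# ZeroTier member in without a password, and any Internet client in with
# one. It is NOT what was asked for.
#
#   Require ip 10.147.17.0/24
#   Require valid-user

AuthType Basic
AuthName "ZeroTier members only"
AuthUserFile /etc/apache2/ztusers

# Intended policy: the client must come from the ZT block AND present valid
# credentials. If either check fails the request is denied.
<RequireAll>
    Require ip 10.147.17.0/24
    Require valid-user
</RequireAll>

# To pin access to a single ZT member (e.g. machine A, if C's traffic is
# routed through it), use that member's fixed ZT address instead of the
# block:
#
#   Require ip 10.147.17.5
```

The address pinning only holds while ZeroTier keeps handing the member the same address or the address is assigned manually, as the reply describes; a client reaching the server over its public interface never matches the ZT block and is refused regardless of credentials.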