[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replicate through an VPN ?

To: Su Tam Nguyen <sutamnguyen@gmail.com>
Subject: Re: Replicate through an VPN ?
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 10 Oct 2005 19:57:32 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <514dcbf50510100005i3c9ff7e4ua50900a7fb1503c7@mail.gmail.com>
References: <514dcbf50510080137i7ec1fb7fpab2f964822fa74bd@mail.gmail.com> <4347FEEA.4080507@symas.com> <514dcbf50510100005i3c9ff7e4ua50900a7fb1503c7@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920

Su Tam Nguyen wrote:
> 
> I want to use IPSec to authencicate all packets.

Like Howard I'd strongly recommend to set up StartTLS ext. op. or LDAPS.
You could use client certificates for stronger authentication.

> BTW, I use OpenVPN to implement the VPN.

OpenVPN does not implement IPsec. It uses SSL (or TLS) as cryptographic
protocol. So better use the built-in SSL/TLS feature of OpenLDAP.

Ciao, Michael.

References:
- Replicate through an VPN ?
  - From: Su Tam Nguyen <sutamnguyen@gmail.com>
- Re: Replicate through an VPN ?
  - From: Howard Chu <hyc@symas.com>
- Re: Replicate through an VPN ?
  - From: Su Tam Nguyen <sutamnguyen@gmail.com>

Prev by Date: Re: slapd fails to start up in 2.3.8 and 2.3.9
Next by Date: Backup ldap server
Index(es):
- Chronological
- Thread