Disabling External Ping, VPN drops.
-
stunnel is a form of VPN: https://www.stunnel.org/index.html
-
@PSX_Defector said:
That would be remote printers, printing locally has a completely different connotation.
I never let people create spoolers from the client. Usually because people are duplicating things over and over and over again with their printers and it gets to be a big mess. Cleaning up queues is my least favorite operator duty.
If you absolutely must setup something like that, better to use a PDF writer. Cleaner, less driver kludges, and you can spin up the spoolers to make it into one single queue instead of the goons spinning up 5 or more printers because they have tons of them at home.
Haven't checked yet, but you should be able to encapsulate the traffic over Pertino for that. Then it's just a matter of having something that will play man in the middle. Of course, popping open a telnet proxy would be easier still.
A telnet proxy? since the home user's IP can change, kinda hard to lock it down, unless there is something I'm missing.
This is a tiny company 8 employees, and not a technical pone in the company so they can't create anything that a consultant doesn't for them.. no worries about them creating a bunch of printers. I moved them off the home dial into the 400 about 10 years ago to a VPN connection. it was/is a lot faster.
How would you encapsulate the traffic from the 400 to the home user's computer?
-
@Dashrender said:
How would you encapsulate the traffic from the 400 to the home user's computer?
VPNs encapsulate everything on the network.
-
@scottalanmiller said:
@Dashrender said:
How would you encapsulate the traffic from the 400 to the home user's computer?
VPNs encapsulate everything on the network.
Yeah.. I know that! other than using an onsite device, say a ASA/sonicwall, etc to terminate the tunnel - how are you getting the traffic into the tunnel in the first place?
-
What's wrong with a device? Once you are at the level of an System i, having a VM with pfSense for VPNs is pretty trivial.
-
But why not use the built in VPN capabilities on the System i box? Not like you can't SSH or stunnel natively.
-
@scottalanmiller said:
But why not use the built in VPN capabilities on the System i box? Not like you can't SSH or stunnel natively.
I am already using a device for that customer (ASA). This whole thing came up because you can't use my situation and Pertino together.
-
@Dashrender said:
@scottalanmiller said:
But why not use the built in VPN capabilities on the System i box? Not like you can't SSH or stunnel natively.
I am already using a device for that customer (ASA). This whole thing came up because you can't use my situation and Pertino together.
That's correct, Pertino is not a traditional VPN but a software defined network that is an overlay to your entire network and does not support System "i" at all (and probably never will, it is a tiny piece of the market.) As System "i" is its own OS and not UNIX in any way, it is very costly to support not only because it is an entirely separate platform but because it is one that costs a fortune to maintain testing equipment and development tools for.
-
@Dashrender said:
Yeah yeah... it's a, nope It's an AS400! The unit is from 1998 I think, but it could be older.
Holy cow. I threw out my top of the line AS/400 from 1999 many years ago. Sent it to recycling!! That was my personal one. It was eleven rack units. Took two box trucks to move it.
-
@Dashrender said:
I am already using a device for that customer (ASA). This whole thing came up because you can't use my situation and Pertino together.
Just went back and read the thread to see what the topic was at this point
Yeah, can't use any of those technologies with an AS/400. Time to move to the century, err, millennium. -
@Dashrender said:
@scottalanmiller said:
But why not use the built in VPN capabilities on the System i box? Not like you can't SSH or stunnel natively.
I am already using a device for that customer (ASA). This whole thing came up because you can't use my situation and Pertino together.
You really can't beat an ASA for VPN. It works so well, and with a variety of clients. Pertino isn't designed to connect a computer to an infrastructure; it's designed to connect individual computers together. For a traditional business, it isn't quite a good fit just yet. If/when the get it set up so that you can connect a computer to your infrastructure, that'll change things for the better.
-
It would be nice to see a VPN/Pertino appliance for say a home network. There are times when you need to hang a printer directly on the network for printing, so the appliance would be nice... but it's really no different than putting ASAs on both sides.
-
@Dashrender said:
It would be nice to see a VPN/Pertino appliance for say a home network. There are times when you need to hang a printer directly on the network for printing, so the appliance would be nice... but it's really no different than putting ASAs on both sides.
Something like a Sophos RED?
-
@Dashrender said:
It would be nice to see a VPN/Pertino appliance for say a home network. There are times when you need to hang a printer directly on the network for printing, so the appliance would be nice... but it's really no different than putting ASAs on both sides.
Pertino is looking at that stuff. Because of the full mesh system, gateways are problematic and require a lot of special attention. IP handling isn't trivial.
-
We've spoken about this in another thread, I know it's on their radar.
-
@Dashrender said:
We've spoken about this in another thread, I know it's on their radar.
Long-term data retention's on Mozy's radar, too. That doesn't make the product any more usable.
-
true, which is why I'm not really even considering them for any of my current solutions
