[Freeipa-users] Give laptops bidirectional anywhere access to freeipa and /home/

Christian Horn chorn at fluxcoil.net
Wed May 12 06:54:57 UTC 2010


On Tue, May 11, 2010 at 04:42:26PM -0500, Rob Townley wrote:
> Microsoft is touting "Direct Access" as a main reason to upgrade to
> Win2008R2 / Win7.

All I see there functionality-wise can be provided by a vpn-endpoint
using kerberos/ldap for authentication/authorization.

As a feature I read 'use homeshare without using the vpn', but in the
end it's just 'using a remote filesystem using the computer principal
for authentication'.


> HOW:
> Use existing cross platform tunneling and tap devices for LinMacWin -
> very well tested.  Comes with tinc-vpn.
> tinc-vpn for the virtual IP addresses.  These are secondary IP
> addresses all machines would have.
> dynamic dns port numbers stored in bind's SRV or TXT records for easy
> configuration.
> tinc-vpn keys stored in dns KEY record for key management.
> tinc-vpn can use IPv6 if needed.
> tinc-vpn for the encryption now, ipSec later?
> 
> FreeIPA provides the centralized management infrastructure that
> tinc-vpn like solutions are missing.

If tinc can already work using kerberos/ldap for
authentication/authorization, then you could create a howto or maybe
a tinc-package with the appropriate libraries.
This would then add vpn-endpoint functionality to freeipa.


Christian



