[ale] Remote file systems and tunnels

Brian Mathis brian.mathis+ale at betteradmin.com
Tue Sep 17 10:47:36 EDT 2013


On Mon, Sep 16, 2013 at 11:20 PM, Alex Carver <agcarver+ale at acarver.net> wrote:

> On 9/16/2013 18:20, Brian Mathis wrote:
>
>> On Mon, Sep 16, 2013 at 7:19 PM, Alex Carver <agcarver+ale at acarver.net>
>> wrote:
>>
>>> On 9/16/2013 14:21, Brian Mathis wrote:
>>>
>>>> I've not used it for this, but maybe you should look into setting up a
>>>> VPN between the two servers using OpenVPN.  This is essentially the
>>>> same as what you're looking at using SSH for, except it would actually
>>>> be a real VPN instead of hacking some stuff through SSH port forwards.
>>>>
>>>
>>> I've never set up a VPN so I'll likely have many questions when I get
>>> started.  For example:  if I set up the VPN server on one end and the
>>> client on the other then get them connected, is the connection
>>> bidirectional such that an initiator (e.g. ssh, browser, etc.) can be on
>>> either side or must all connections using the VPN be initiated on the
>>> client side of the VPN?
>>>
>>> As an example, suppose the app server (machine A) is the VPN client and
>>> the file server is the VPN server (machine B) so that A initiates a
>>> connection to B.  Can an ssh client on B establish a connection to A
>>> going backwards from the A->B VPN link?
>>>
>>
>> In the most basic setup, where you don't mess with routing or anything,
>> you wind up with a point to point link between the 2 systems.  Each
>> system gets its own IP address which is part of the VPN network (separate
>> from your existing subnet).  Each system should be able to connect to the
>> other by using the VPN IP address (bi-directional), and no other traffic
>> should be routed over that.  As long as you don't set the VPN link as the
>> default gateway, it won't affect any other traffic.
>>
>
> So then by extension if I have two VPN clients connect to one server all
> three can communicate with each other over the VPN link?
>

Not without some kind of routing setup.  A basic point-to-point VPN is like
a wire connecting the two machines -- it's not a virtual network by itself.

If you need multiple app servers to connect to a central file server, then
you'd need a separate VPN connection per app server.  Each app server could
talk to the file server, but not to each other (via VPN).


❧ Brian Mathis
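
The routing behaviour discussed in this thread, modelled as an added example that is not part of the original message: a longest-prefix route lookup over constructed routing tables for two app servers and one file server. All addresses, host names and interface names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing (assumption): each app server has its own
# point-to-point tunnel to the file server, with VPN addresses outside the
# existing 192.168.1.0/24 LAN. The file server's tunnel ends are 10.8.1.1
# (tun0, to app1) and 10.8.2.1 (tun1, to app2).
VPN_ADDR = {"app1": "10.8.1.2", "app2": "10.8.2.2"}
ROUTES = {
    "app1": [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"),
             ("10.8.1.1/32", "tun0")],
    "app2": [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"),
             ("10.8.2.1/32", "tun0")],
    "fileserver": [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"),
                   ("10.8.1.2/32", "tun0"), ("10.8.2.2/32", "tun1")],
}


def egress(host, dst, routes=ROUTES):
    """Longest-prefix match: return the interface `host` uses to reach `dst`."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes[host]
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def uses_vpn(host, dst, routes=ROUTES):
    """True when traffic from `host` to `dst` leaves through a tunnel device."""
    return egress(host, dst, routes).startswith("tun")


def with_route(routes, host, net, dev):
    """Return a copy of the tables with one extra route added on `host`."""
    new = {h: list(r) for h, r in routes.items()}
    new[host].append((net, dev))
    return new


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for "other traffic".
    for host, dst in [("app1", "10.8.1.1"), ("fileserver", "10.8.1.2"),
                      ("app1", "203.0.113.10"), ("app1", VPN_ADDR["app2"])]:
        print(f"{host} -> {dst}: {egress(host, dst)}")
```

In this model, adding a route for app2's VPN address via tun0 on app1 only gets the packet as far as the file server; the file server would also have to forward between its two tunnel interfaces.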