Once upon a time, shawn wilson <ag4ve.us@gmail.com> said:
So, kinda the same idea - just put IPMI on another network and use ssh forwards to it. You can have multiple boxes connected in this fashion but the point is to keep it simple and as secure as possible (and IPMI security doesn't really count here :) ).
For basic IPMI, SSH forwards will work, but some of the web/Java based KVM-over-IP on IPMI BMCs tend to not work well with that. For IPMI things like power control and serial-over-LAN, I put the IPMI on a separate VLAN (most semi-recent BMCs can handle a VLAN tag) and then just use "ipmitool" on a Linux system connected to the same VLAN (no port-forwarding or VPN required). I only use a VPN-type setup when I need to use a KVM console. -- Chris Adams <cma@cmadams.net>