I use OpenVPN to access an Admin/sandboxed network with insecure portals, wiki, and ipmi. hmmmm. 'cept when it is the openvpn server's ipmi. but good hack. i may use it, as i already do openvpn. thanks.
randy What you can also do if you want to remove the dependence on the OpenVPN server (e.g. smaller networks where the overhead would be high, or to mitigate failures of the OpenVPN server) is to use your existing pattern of whitelisting IPs using ACLs, but instead of modifying the rules all
On 06/02/2014 08:26 AM, Randy Bush wrote: the time, just run a small external server with a static IP, and allow that IP access through all of your ACLs. Amazon EC2 instances are great for this. Assign an Elastic IP (i.e. static IP), and turn the instance on when you need it, shut it down when you're done. If there happens to be a failure at Amazon right at the same time you have a failure... spin up a new instance in a different zone and give it the Elastic IP. No mucking about with ACLs, etc. Costs a few cents to run for whatever length of time it takes to fix your issue, and is reasonably secure (especially if you shut the box off when you're not using it). - Peter