[Server-devel] IPv6 tunnels
Daniel Jared Dominguez
danjared at laptop.org
Fri Jun 8 13:33:04 EDT 2007
In my search for a good way to do automatic tunneling of IPv6 to tubes,
I found this, which looks like it might be exactly what we need (minus a
few scripts to automate the process):
http://www.join.uni-muenster.de/Dokumente/Howtos/Howto_OpenVPN_Tunnelbroker.php?lang=en
So far I've just skimmed through but have a few comments:
- We need to setup a CA if we're going to use TLS for tunneling (which
we really want instead of IPSec since there is a much smaller learning
curve)
- How should we manage the CA key? That is, are there any big concerns
we have in terms of security?
- Are we going to generate a new client certificate for the servers and
"install" them before we ship the machines or use some sort of
autonegotiation or activation?
- How concerned are we about backing up client certificates?
--Jared
More information about the Server-devel
mailing list