[Server-devel] IPv6 tunnels
Daniel Jared Dominguez
danjared at laptop.org
Sat Jun 9 19:47:29 EDT 2007
I have an initial tarball of the scripts we need, which are a hacked up
version of the scripts mentioned in the site I mentioned earlier. Since
the original scripts are GPL, we'll be fine with basing our work off of
them. I'd like to contact the original authors about our use of the
work, though. Hey, maybe we can even get them to help us out. ;)
Anyway, my tarball is at
http://dev.laptop.org/~danjared/olpc-tunnel-broker-scripts.tar.bz2
I haven't sanity-checked them too much but am about to board a plane
really soon. So, I figured that I should make it available for others to
look at. :)
Also, we *really* need more v6 address space soon...
--Jared
On Fri, 2007-06-08 at 13:33 -0400, Daniel Jared Dominguez wrote:
> In my search for a good way to do automatic tunneling of IPv6 to tubes,
> I found this, which looks like it might be exactly what we need (minus a
> few scripts to automate the process):
>
> http://www.join.uni-muenster.de/Dokumente/Howtos/Howto_OpenVPN_Tunnelbroker.php?lang=en
>
> So far I've just skimmed through but have a few comments:
> - We need to setup a CA if we're going to use TLS for tunneling (which
> we really want instead of IPSec since there is a much smaller learning
> curve)
> - How should we manage the CA key? That is, are there any big concerns
> we have in terms of security?
> - Are we going to generate a new client certificate for the servers and
> "install" them before we ship the machines or use some sort of
> autonegotiation or activation?
> - How concerned are we about backing up client certificates?
>
> --Jared
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
More information about the Server-devel
mailing list