check_by_ssh
Paul L. Allen
pla at softflare.com
Wed Jan 21 16:52:42 CET 2004
Scott Moynes writes:
>> I could be wrong on this, but I'm pretty sure I dismissed stunnel as
>> a VPN technology years ago, Using a VPN technology to do this sort
>> of thing is a good solution, if only there were a VPN technology I
>> believed to be worthy.
>
> Indeed, but often it is difficult to find good solutions to dumb
> problems. Sometimes acceptable is all you can hope for.
My essential criteria for software VPN for Nagios use:
1) Must cope gracefully with temporary outages: Must not die if
the internet goes away for a while. Must automatically recover within
a sensible timescale when the internet returns. Must automatically
connect after a reboot at either end.
2) Must be relatively efficient: Must not tunnel tcp over tcp because
congestion algorithsm aren't designed to cope with tcp over tcp and
the backoffs rapidly grow to silly sizes.
3) Must have good security: Must have strong encryption, used correctly.
I have yet to find a VPN technology that doesn't fail to meet at least
one of those requirements and most seem to fail to meet two of the
requirements. There is also another requirement for use outside of
Nagios: Must be available for both Windows and Linux. We set up VPNs for
clients with Windows boxes and I'd prefer not to have to deal with two
tunneling technologies but could cope with that if I had to.
So far, I've not found a VPN technology I consider acceptable. But since
the machines we're monitoring usually implement PPTP VPNs for client use
(so the security holes are present whether I use it for Nagios or not)
that looks like the least worse choice. If there were something better,
somebody would probably have mentioned it by now. :(
--
Paul Allen
Softflare Support
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list