Having been away from the coalface of networking for the past 5-6 years I could do with some help on a project which has some VPN requirements. Many years ago in my sysadminning days I used to run L2TP/IPSec and OpenVPN on Smoothwall on generic x86 boxen for site-to-site and remote worker VPNs but I'm not sure what's new/best these days!
We are currently undertaking an animal imaging R&D project where we are placing hardware (main system with IPMI + IPTV camera for general monitoring) on remote farms and need a means of securely managing them remotely.
We currently have a web service for transfer of the data resulting from local processing, have set up a "heartbeat" service to keep an eye on things and are using Teamviewer for remote management. Unfortunately, Teamviewer ain't much good when the box has been turned off (or a brownout caused by the vacuum pumps on the milking machine tripping the UPS into triggering a shutdown!) hence why we're now speccing the boxes with IPMI.
Some questions of how best to securely remotely access IPMI (and HTTPS for the IPTV camera, and FTPS for deploying new software versions) without port forwarding on the remote site firewall have arisen:
- Protocol?
  - Needs to be NAT-traversing with zero config on client-side firewall
  - Needs to be fairly lightweight/performant
  - Ideally something open so we're not tied to a particular vendor
- Hardware?
  - Small
  - Easy-to-manage
  - Relatively inexpensive
  - Ideally an "appliance" that doesn't require any buildout
- Architecture?
  - Bridge into one massive flat L2 network
  - Routing at head office device
  - NAT at client devices
Any ideas/suggestions?