Just re-read this section and had a few thoughts

> What I would like to get together is almost replicate the normal win2k
> domain login to keep consistency with what the users are used to. They
> all develop in win32 so there is no getting away from the windows angle.
> So each user will be presented with a domain login screen which then
> implements the whole hog, they then inherit the whole active directory
> groups and users permission set up & each client can access each other's
> machines via network neighbourhood, net sends, internal msn, I need to
> get some internal video conferencing together as well (but one thing at
> a time eh). But the AD stuff is the most important.
>

Although each client can connect to the server, connecting to each other (client-client) is difficult. Some of the protocols involved are non-routable, I believe, so you will have to masquerade all the clients as the same private subnet, and you don't want these sorts of protocols flying around unencrypted either. You will be able to see everybody in the browselist (as the server knows where everybody is) but communication between clients will attempt to go direct, so you may need some "hairy" routing to create a virtual subnet.

If you allow direct client-client access, every client will need its own certificate authority and every client will need every other client's public certificate, instead of just one CA on the server and a certificate for each client. But the server approach will double the bandwidth usage / CPU as the packets must enter your gateway server, be decrypted, be routed, be encrypted and sent to the other client!

Just some thoughts!

Anyway, more importantly, links: look at http://vpn.ebootis.de/ for windows client and basic linux server setup info plus windows helper progs, and look at http://www.freeswan.ca for superfreeswan / x509 patches for normal freeswan.

Regards
Robin