[HECnet] VPN?

[Sampsa Laine]

Add security?
You mean as in me opening my internal network to all kind of IP traffic
from any other HECnet user? As opposed to today, when they can only
transmit DECnet packets to my internal network?

Not forgetting that we'd still need the bridge software, since no VPN
solution I know of, is able to route DECnet natively.


Well I was personally gonna move my HECNET stuff onto a separate VLAN, what I meant was that running the bridge say over a VPN would add some security from the outside world - obviously this is probably pretty negligible anyway.


And not to forget that DYNDNS is a security problem in itself. :-)
And we'd also still get the occasional disruption in traffic when
someones address do change, until the DNS is updated and propagated.


Fair point.

Maybe it would be more worthwile for someone to hack my bridge just a
little, so that changes in DNS names were discovered, and automatically
handled.
Heck, you don't even have to change my bridge program. Just add a small
monitoring program, who don't do anything else than regularly check if
any of the names in the bridge.conf file have changed to resolve to a
different IP address, and if so, send a HUP to the bridge program, and
we'll be back in business.

I'm all for this...


Sampsa