mandos-server not on local lan?

Teddy Hogeborn teddy at fukt.bsnet.se
Fri Feb 13 11:55:03 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

william maddler <news at maddler.net> writes:

>> just found mandos project and sounds pretty interesting but I'd
>> need to deploy mandos-server on a different LAN with different
>> IP/subnet. Is there a way to tell clients to directly point to a
>> specific address instead of using discovery on the local LAN?
>
> Not at the moment.

With the recent release of 1.0.6, it should be possible.  The simplest
way is this:

1. Configure a fixed port number on the server.
2. On the client, edit grub/menu.lst, grub/grub.cfg or lilo.conf or
   similar to add two kernel command line options:
   ip=<ADDRESS>::<GATEWAY>:<NETMASK>:<HOSTNAME>:<NETWORK_INTERFACE>
   mandos=connect:<SERVER_ADDRESS>:<SERVER_PORT>

For example, assuming a Mandos client named "megalith" with address
192.0.2.3 on a /24 network, using GRUB legacy, and the Mandos server
on 192.0.0.2 port 4711, one would edit /boot/grub/menu.lst on the line
marked "# kopt", and append this:

ip=192.0.2.3::192.0.2.1:255.255.255.0:megalith:eth1 mandos=connect:192.0.0.2:4711

(Note: this functionality is new, and has only been briefly verified,
not extensively tested.)

/Teddy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJlVGJOWBmT5XqI90RAkp+AJ95PsKW0Qwju3mP4ReGIV2B0OXRZQCguY5s
obvg0GCvzUEdxHiHz/BZ9I4=
=aYD9
-----END PGP SIGNATURE-----
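A mistyped ip= or mandos= line is only discovered at the next reboot, when the client cannot reach the server and the boot stalls at the passphrase prompt. The following checker, an added example that is not part of the mailing-list post or of the Mandos project, parses both kernel parameters from a command line string and reports configuration errors before the line is committed to menu.lst. It assumes the field order of the kernel's ip= parameter as documented in the kernel's nfsroot documentation (client:server:gateway:netmask:hostname:device:autoconf) and the connect:<ADDRESS>:<PORT> shape of the mandos= option exactly as given in the post; the sample command line is constructed for the example and is not read from a real /proc/cmdline.

```python
import ipaddress
import shlex

# Constructed sample command line, using the values from the post
# (client megalith 192.0.2.3/24 via 192.0.2.1, server 192.0.0.2:4711).
SAMPLE_CMDLINE = (
    "root=/dev/mapper/root ro quiet "
    "ip=192.0.2.3::192.0.2.1:255.255.255.0:megalith:eth1 "
    "mandos=connect:192.0.0.2:4711"
)

# Field order of the kernel "ip=" parameter (assumption: taken from the
# kernel nfsroot documentation; the post omits the trailing autoconf field).
IP_FIELDS = ("client_ip", "server_ip", "gateway", "netmask",
             "hostname", "device", "autoconf")


def parse_cmdline(cmdline):
    """Split a kernel command line into {key: value}; bare flags map to None."""
    params = {}
    for token in shlex.split(cmdline):
        key, sep, value = token.partition("=")
        params[key] = value if sep else None
    return params


def parse_ip_param(value):
    """Map the colon-separated ip= fields to names; missing fields become ''."""
    parsed = dict(zip(IP_FIELDS, value.split(":")))
    for field in IP_FIELDS:
        parsed.setdefault(field, "")
    return parsed


def parse_mandos_param(value):
    """Parse mandos=connect:<address>:<port> into (IPv4Address, port)."""
    method, _, rest = value.partition(":")
    if method != "connect" or not rest:
        raise ValueError("mandos= must be connect:<address>:<port>, got %r" % value)
    addr_text, _, port_text = rest.rpartition(":")
    addr = ipaddress.IPv4Address(addr_text)      # dotted-quad form, as in the post
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port %d out of range" % port)
    return addr, port


def check_static_config(cmdline):
    """Validate ip= and mandos= together.

    Returns (problems, summary): a list of human-readable problems (empty
    when the line looks usable) and a dict describing the resulting setup.
    """
    params = parse_cmdline(cmdline)
    problems = []
    if not params.get("ip") or not params.get("mandos"):
        return ["both ip=... and mandos=connect:... must be present"], None

    ip = parse_ip_param(params["ip"])
    try:
        network = ipaddress.IPv4Network((ip["client_ip"], ip["netmask"]), strict=False)
        client = ipaddress.IPv4Address(ip["client_ip"])
    except ValueError as exc:
        return ["bad client address or netmask: %s" % exc], None

    gateway = None
    if ip["gateway"]:
        try:
            gateway = ipaddress.IPv4Address(ip["gateway"])
        except ValueError as exc:
            problems.append("bad gateway: %s" % exc)
        else:
            if gateway not in network:
                problems.append("gateway %s is not inside %s" % (gateway, network))
    if not ip["hostname"]:
        problems.append("hostname field is empty")
    if not ip["device"]:
        problems.append("network interface field is empty")

    server = port = None
    try:
        server, port = parse_mandos_param(params["mandos"])
    except ValueError as exc:
        problems.append(str(exc))

    # The case from the post: the server sits on another subnet, so the
    # client can only reach it through the gateway named in ip=.
    server_on_link = server is not None and server in network
    if server is not None and not server_on_link and gateway is None:
        problems.append("server %s is off-link but ip= names no gateway" % server)

    summary = {
        "client": str(client), "network": str(network),
        "gateway": str(gateway) if gateway else None,
        "hostname": ip["hostname"], "device": ip["device"],
        "server": str(server) if server else None, "port": port,
        "server_on_link": server_on_link,
    }
    return problems, summary


if __name__ == "__main__":
    found, info = check_static_config(SAMPLE_CMDLINE)
    print(info)
    print("problems:", found or "none")
```

Run it against the exact string you intend to append to the "# kopt" line; an empty problem list together with server_on_link False confirms that the server really is off the local subnet and that the gateway the client will use to reach it is on that subnet.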