mandos-server not on local lan?

belorn at fukt.bsnet.se belorn at fukt.bsnet.se
Fri Jan 30 00:14:40 CET 2009


> Hello,
> just found the Mandos project and it sounds pretty interesting but I'd need to
> deploy mandos-server on a different LAN with different IP/subnet. Is
> there a way to tell clients to point directly to a specific address instead
> of using discovery on the local LAN?

Not at the moment. Mandos relies on ZeroConf for host discovery since the
network in the initrd stage is not set up beyond IPv6 link-local, which can
only be used inside the LAN. On the upside, Mandos servers work great
together (they don't affect each other), so if you use more than one
server, you won't need to worry about conflicts. Alternatively you could
try to do something like forward the ZeroConf traffic through the routers,
but that is probably a bit messy to set up, and very probably not supported
by the ZeroConf standard.

DHCP support as an alternative to ZeroConf is something that is planned to
be added in the future, but is not a priority at the moment.

So, no, servers have to exist on the same LAN, but you can have many
servers without conflicts, so servers on the same LAN can be the Mandos
servers for each other.

/Belorn



More information about the Mandos-Dev mailing list