#arpnetworks/ 2015-11-18,Wed

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***mnathani has joined #arpnetworks [00:33]
....... (idle for 32mn)
mnathani has quit IRC (Ping timeout: 246 seconds) [01:05]
........................................................ (idle for 4h37mn)
ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Changing host)
ziyourenxiang has joined #arpnetworks
[05:42]
.................... (idle for 1h37mn)
BryceBot has quit IRC (Ping timeout: 240 seconds)
BryceBot has joined #arpnetworks
[07:19]
.............................. (idle for 2h26mn)
mnathani_anyone know how to deploy rsa-token for use with vpn software, small business so no real servers just a bunch of workstations [09:46]
....... (idle for 32mn)
randallschwarts is missing, but thanks for the linkedin connect [10:18]
***gizmoguy has quit IRC (Ping timeout: 240 seconds)
gizmoguy has joined #arpnetworks
[10:28]
................ (idle for 1h15mn)
plettmnathani_: Actual RSA tokens? Or would any two-factor auth work? Also what vpn software?
If both are free choices, OATH tokens like Google Authenticator have a PAM module which can be hooked up to OpenVPN on Linux
[11:44]
............................................... (idle for 3h50mn)
***ziyourenxiang has quit IRC (Quit: Leaving) [15:35]
mnathani_plett: I was looking at using Cisco ASA firewall for the VPN hardware [15:43]
plettNo OpenVPN then [15:44]
mnathani_nope [15:44]
plettDo you have ASAs already, or are you going to be buying hardware for it? [15:44]
mnathani_buying
5505 is what I am looking at currently
[15:45]
plettUnless you have a hard requirement for ASAs specifically, I'd look at a software solution instead [15:46]
chrismsnzwe use openvpn with 2fa totp on linux, works fine
cert auth with totp as password
duo have a solution too
[15:47]
plettThat's not to say that ASAs don't work, they're very good at what they do. But you can get a lot more bang for your buck in a much more flexible package by buying a pair of 1U servers and doing it in software. CPUs these days have hardware offloading of crypto operations, which makes nice and fast [15:50]
chrismsnzfriend of mine had a pair of openbsd boxes for vpn termination, both died hours before 10 years of uptime
hahaha
rip
[15:51]
plettAnd I've had pairs of failover ASAs both fail at the same time :) [15:54]
mercutioeven without hardware offload of crypto modern cpus are pretty good at it.
with 10 year servers it's not uncommon to turn them off then find they won't turn on again
if they haven't been power cycled recently.
Well at least that was my experience years back.
I haven't seen a computer that's been used for 10 years any time recently.
[16:08]
...................... (idle for 1h48mn)
***carvite has quit IRC (Ping timeout: 250 seconds) [17:58]
...... (idle for 26mn)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
medum_ has quit IRC (Ping timeout: 250 seconds)
dj_goku_ has quit IRC (Ping timeout: 250 seconds)
toeshred has quit IRC (Ping timeout: 250 seconds)
medum has joined #arpnetworks
toeshred has joined #arpnetworks
[18:24]
........... (idle for 51mn)
dj_goku has quit IRC (Remote host closed the connection) [19:18]
..... (idle for 22mn)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
[19:40]
................................... (idle for 2h50mn)
brycecFYI up_the_irons, mercutio - Upgraded zeit to Debian Jessie, and finally got around to setting up firewalling on it. Let me know if you have any problems with it. (It's set to allow incoming NTP connections obviously, rate-limit incoming ssh, monitoring connections from me, ping, and only allows outbound packets/connections to its upstream NTP servers, its configured DNS servers, apt-get updates and
sending mail.)
[22:30]
...... (idle for 25mn)
mercutioheh zeit has a lot of free ram [22:55]
brycecI have no idea why up_the_irons gave it 2GB. It could run on 256MB quite easily.
It's currently using 108MB (not counting cache etc)
[23:01]
.... (idle for 19mn)
***rendrag_ has quit IRC (Ping timeout: 240 seconds) [23:20]
mercutiohow is debian apt-get with 256mb ram?
ubuntu with 256mb is pushing it these days
[23:34]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)