Quote:
Originally Posted by fjwcash
passwordless private keys...
- I use passworded private keys, not passwordless;
- I use this for road warrior client-to-gateway vpn, not site to site; and
- Nothing stopping you from your uses, though.
The challenge may be scaling, as you need a tun[0,...,n] interface for each concurrent connection on the gateway machine. This isn't a problem for my use, as three concurrent sessions is the upper need limit.
The feature of ssh -w (for me) is that,
- the needed wares are already on every box I operate, therefore, nothing extra to install or maintain;
- I use ssh already;
- configuring the vpn tunnel is a whole heck of a lot easier than ipsec; and
- so far, I can easily pass through tight firewalls and nat setups that are not under my control.
/S