nanog mailing list archives
Re: ipmi access
From: Peter Kristolaitis <alter3d () alter3d ca>
Date: Mon, 02 Jun 2014 10:13:40 -0400
On 06/02/2014 08:26 AM, Randy Bush wrote:
>> I use OpenVPN to access an Admin/sandboxed network with insecure portals, wiki, and ipmi.
>
> hmmmm. 'cept when it is the openvpn server's ipmi. but good hack. i may use it, as i already do openvpn. thanks.
>
> randy

What you can also do if you want to remove the dependence on the OpenVPN server (e.g. smaller networks where the overhead would be high, or to mitigate failures of the OpenVPN server) is to use your existing pattern of whitelisting IPs using ACLs, but instead of modifying the rules all the time, just run a small external server with a static IP, and allow that IP access through all of your ACLs.
Amazon EC2 instances are great for this. Assign an Elastic IP (i.e. static IP), and turn the instance on when you need it, shut it down when you're done. If there happens to be a failure at Amazon right at the same time you have a failure... spin up a new instance in a different zone and give it the Elastic IP. No mucking about with ACLs, etc. Costs a few cents to run for whatever length of time it takes to fix your issue, and is reasonably secure (especially if you shut the box off when you're not using it).
- Peter
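
The on-demand jump host described in the message above, sketched as an added example that is not part of the original post. The instance ID, allocation ID, addresses, the `admin` login, local port 8443 and the BMC's HTTPS port 443 are all assumptions; the script defaults to a dry run that only prints the commands.

```shell
#!/usr/bin/env bash
# Added example: on-demand jump host behind a single allowlisted Elastic IP.
# Every ID, address and user name below is a constructed placeholder.
set -u

INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"            # placeholder jump host
ALLOCATION_ID="${ALLOCATION_ID:-eipalloc-0123456789abcdef0}" # placeholder Elastic IP
JUMP_IP="${JUMP_IP:-203.0.113.10}"   # the one address your ACLs allow (TEST-NET-3)
BMC_HOST="${BMC_HOST:-10.0.0.50}"    # IPMI/BMC web UI behind the ACL (assumed)
DRY_RUN="${DRY_RUN:-1}"              # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Start the instance, wait until it is running, then bind the static IP.
# Re-associating each time also covers a replacement instance in another zone.
jump_up() {
  run aws ec2 start-instances --instance-ids "$INSTANCE_ID" &&
  run aws ec2 wait instance-running --instance-ids "$INSTANCE_ID" &&
  run aws ec2 associate-address --instance-id "$INSTANCE_ID" \
      --allocation-id "$ALLOCATION_ID"
}

# Forward local port 8443 through the jump host to the BMC's HTTPS port.
jump_tunnel() {
  run ssh -N -L "8443:${BMC_HOST}:443" "admin@${JUMP_IP}"
}

# Stop the instance so nothing is listening behind the allowlisted IP.
jump_down() {
  run aws ec2 stop-instances --instance-ids "$INSTANCE_ID" &&
  run aws ec2 wait instance-stopped --instance-ids "$INSTANCE_ID"
}

# Dispatch when invoked with an argument; otherwise only define the functions.
case "${1:-}" in
  up)     jump_up ;;
  tunnel) jump_tunnel ;;
  down)   jump_down ;;
  *)      : ;;
esac
```

Run `jump_down` as the last step of every session: the allowlist entry stays in your ACLs permanently, so the exposure window is however long the instance is left running.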