[PVE-User] Proxmox and multiple VPN connections

Lonnie Cumberland lonnie at biofuelstechnologyinc.com
Fri Oct 15 21:33:38 CEST 2010


Greetings Diaolin (and list members),

>
> hi...
>
>> Proxmox container. Each container would not really be running anything
>> more.
>>
>> Of course, the base idea is to test out this with 5 machines and then
>> see how it scales to say 100, and more, Proxmox containers on a single
>> server.
>
>
> But why????
>

If I understood correctly in my reading on DG then it may be fine for
a reasonable number of USERS and GROUPS, but doesn't scale well when
you are talking about many (perhaps thousands) of completely different
groups of rules. This is why I was thinking that container based
Proxmox/DG solution might be better from the scaling and security
standpoint as each instance is running in a separate container and can
be configured for that particular USER (if 1 VPN connection) or GROUP
(if multiple VPN connections) to that single container.

>>
>> Also, the idea could be, at a later time, to allow a single Proxmox
>> container to allow multiple VPN connections and support multiple
>> client machines under the same set of content filtering rules in
>> DanGuardian. This might be used to support a small school computer lab
>> or something.
>
> use the "USER" AND THE GROUPS of DG, one server many connections
> it works like a charm
>
> Your solution is too complicated and the administration will be
> a suicide....
> :-)
>

Yes, I was thinking that the administrations might be a challenge, but
could easily dynamically change each client machine (or group) easily
and as needed.

I was actually thinking about some type of a web interface that could
be used to change each set of DG rules for a single user or group.

> If you will i could explain my configs, i have many schools as my customers
>

Yes, I would like to know more about your solution and to see if
perhaps I am actually thinking about a similar thing.

Please feel free to contact me directly via email since it sounds like
your are not suggesting to use Proxmox (which also looks very exciting
and I cannot wait to use it in a project at some point) and this is
their mailing list. We should not discuss non-proxmox related items
with additional email traffic that others may not be interested in
seeing on the mailing list, ok.

> One thing can be:
>
> 1) firewall
> 2) dansguardian
> 3) squid
>
> each one in a separate machine
>

Yes I see. I have set up a couple of masquerading firewalls in the
past using things like SmoothWall (Opensource version) which worked
well, but never a squid that allowed content filtering and complete
VPN channels for each user/group.

Look forward to talking to you more at which time I will explain more
about the idea, ok.

Thanks,
Lonnie



More information about the pve-user mailing list