[PVE-User] Proxmox and multiple VPN connections
lonnie at biofuelstechnologyinc.com
Fri Oct 15 21:33:38 CEST 2010
Greetings Diaolin (and list members),
>> Proxmox container. Each container would not really be running anything
>> Of course, the base idea is to test out this with 5 machines and then
>> see how it scales to say 100, and more, Proxmox containers on a single
> But why????
If I understood correctly in my reading on DG then it may be fine for
a reasonable number of USERS and GROUPS, but doesn't scale well when
you are talking about many (perhaps thousands) of completely different
groups of rules. This is why I was thinking that container based
Proxmox/DG solution might be better from the scaling and security
standpoint as each instance is running in a separate container and can
be configured for that particular USER (if 1 VPN connection) or GROUP
(if multiple VPN connections) to that single container.
>> Also, the idea could be, at a later time, to allow a single Proxmox
>> container to allow multiple VPN connections and support multiple
>> client machines under the same set of content filtering rules in
>> DanGuardian. This might be used to support a small school computer lab
>> or something.
> use the "USER" AND THE GROUPS of DG, one server many connections
> it works like a charm
> Your solution is too complicated and the administration will be
> a suicide....
Yes, I was thinking that the administrations might be a challenge, but
could easily dynamically change each client machine (or group) easily
and as needed.
I was actually thinking about some type of a web interface that could
be used to change each set of DG rules for a single user or group.
> If you will i could explain my configs, i have many schools as my customers
Yes, I would like to know more about your solution and to see if
perhaps I am actually thinking about a similar thing.
Please feel free to contact me directly via email since it sounds like
your are not suggesting to use Proxmox (which also looks very exciting
and I cannot wait to use it in a project at some point) and this is
their mailing list. We should not discuss non-proxmox related items
with additional email traffic that others may not be interested in
seeing on the mailing list, ok.
> One thing can be:
> 1) firewall
> 2) dansguardian
> 3) squid
> each one in a separate machine
Yes I see. I have set up a couple of masquerading firewalls in the
past using things like SmoothWall (Opensource version) which worked
well, but never a squid that allowed content filtering and complete
VPN channels for each user/group.
Look forward to talking to you more at which time I will explain more
about the idea, ok.
More information about the pve-user