<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Sep 16, 2013 at 11:20 PM, Alex Carver <span dir="ltr"><<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class=""><div class="h5">On 9/16/2013 18:20, Brian Mathis wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
On Mon, Sep 16, 2013 at 7:19 PM, Alex Carver <<a href="mailto:agcarver%2Bale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
On 9/16/2013 14:21, Brian Mathis wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I've not used it for this, but maybe you should look into setting up a VPN<br>
between the two servers using OpenVPN. This is essentially the same as<br>
what you're looking at using SSH for, except it would actually be a real<br>
VPN instead of hacking some stuff through SSH port forwards.<br>
<br>
<br>
</blockquote>
I've never set up a VPN so I'll likely have many questions when I get<br>
started. For example: if I set up the VPN server on one end and the<br>
client on the other then get them connected, is the connection<br>
bidirectional such that an initiator (e.g. ssh, browser, etc.) can be on<br>
either side or must all connections using the VPN be initiated on the<br>
client side of the VPN?<br>
<br>
As an example, suppose the app server (machine A) is the VPN client and<br>
the file server is the VPN server (machine B) so that A initiates a<br>
connection to B. Can an ssh client on B establish a connection to A going<br>
backwards from the A->B VPN link?<br>
</blockquote>
<br>
<br>
<br>
In the most basic setup, where you don't mess with routing or anything, you<br>
wind up with a point to point link between the 2 systems. Each system gets<br>
its own IP address which is part of the VPN network (separate from your<br>
existing subnet). Each system should be able to connect to the other by<br>
using the VPN IP address (bi-directional), and no other traffic should be<br>
routed over that. As long as you don't set the VPN link as the default<br>
gateway, it won't affect any other traffic.<br>
<br>
</blockquote>
<br></div></div>
So then by extension if I have two VPN clients connect to one server all three can communicate with each other over the VPN link?<div class=""><div class="h5"><br></div></div></blockquote></div><br><br></div><div class="gmail_extra">
Not without some kind of routing setup. A basic point-to-point VPN is like a wire connecting the two machines -- it's not a virtual network by itself.<br><br>If you need multiple app servers to connect to a central file server, then you'd need a separate VPN connection per app server. Each app server could talk to the file server, but not to each other (via VPN).<br>
<br></div><div class="gmail_extra"><br clear="all"><div>❧ Brian Mathis</div>
<br><br></div></div>
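<div>The layout described in the thread, written out as OpenVPN configuration files: one point-to-point tunnel per app server, each ending on the file server. This is an added example, not part of the original thread. It assumes OpenVPN's static-key point-to-point mode; the file paths, host name, ports and 10.99.x.x addresses are constructed placeholders.</div>

```conf
# ---- File server B, instance for app server A1 ----
# ---- /etc/openvpn/app1.conf (constructed path)  ----
dev tun
proto udp
port 1194
# ifconfig <local VPN address> <peer VPN address>
# Addresses are taken from a range separate from the existing subnet.
ifconfig 10.99.1.1 10.99.1.2
# Pre-shared static key, copied to A1 over a secure channel.
# Static-key mode has no perfect forward secrecy; TLS mode with
# certificates is the stronger choice when that matters.
secret /etc/openvpn/app1.key
keepalive 10 60
persist-key
persist-tun
# Deliberately absent: redirect-gateway and route lines.
# Only traffic addressed to 10.99.1.2 enters this tunnel, so the
# default gateway and all other traffic are untouched.

# ---- App server A1 (initiates the connection to B) ----
# ---- /etc/openvpn/fileserver.conf (constructed path) ----
dev tun
proto udp
remote fileserver.example.net 1194
# Mirror image of B's ifconfig line.
ifconfig 10.99.1.2 10.99.1.1
secret /etc/openvpn/app1.key
keepalive 10 60
persist-key
persist-tun
# Once the tunnel is up, either end can open connections to the
# other: A1 reaches B at 10.99.1.1, B reaches A1 at 10.99.1.2.

# ---- File server B, second instance for app server A2 ----
# ---- /etc/openvpn/app2.conf (constructed path)         ----
dev tun
proto udp
# A separate port, address pair and key for each app server.
port 1195
ifconfig 10.99.2.1 10.99.2.2
secret /etc/openvpn/app2.key
keepalive 10 60
persist-key
persist-tun
# A1 has no route to 10.99.2.2 and A2 has none to 10.99.1.2, so
# each app server can reach B but not the other app server.
```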