Comments
Best to use private network and have clients VPN in for any type of remote management.
Access to ipmi, ilo, idrac only through vpn.
And I second that!
NEVER, under any circumstances, expose IPMI/iDRAC/iLO to the public internet!
^
Definitely. Nullroute the IP at least and allow the client to connect through VPN or whitelist his IP for the IPMI, automate it.
Public IPMIs are a disaster waiting to happen.
What type of VPN would allow clients to connect only to their assigned IDRAC IP though?
What type of VPN as far as protocol goes?
One where the VPN concentrator can enforce ACLs based on the user connecting.
Well, the protocol doesn't matter. You'd write the ACLs in the firewall. For full isolation though, you'd have to do the rules on the switch level, set up custom VRFs.
Personally, we put IPMI/DRAC/ILO on a protected/internal-IPs-only VLAN. Then have a VPN that allows authenticated clients access to the IPMIs. We limit access to customers only, but not per customer. The customer will have his/her own user/password to access their specific server.
This, but VLAN isolation as well, so no one from other VLANs can access another client's server. Going to the extent of VRFs is not required at all.
So you just give access to everyone's IPMI at a simple request of VPN credentials? That sounds like a big security flaw.
I know of a provider that splits up the private NIC + IPMI into their own VLAN, and assigns IPs accordingly.
The OpenVPN setup only hands out the ranges that belong to you, and firewalls the rest off. If you blow up your own servers, that's on you.
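Added example, not part of any post in this thread: one way to generate the per-client OpenVPN `client-config-dir` files and the matching `iptables` rules, so each VPN user reaches only their own IPMI/iDRAC/iLO addresses. The client names, address ranges and `tun0` interface are constructed, and it assumes a server running `topology subnet` with `ccd-exclusive`, so every certificate CN gets a fixed tunnel IP.

```python
import ipaddress

# Constructed sample inventory: VPN certificate CN -> fixed tunnel IP and the
# management (IPMI/iDRAC/iLO) addresses assigned to that client.
CLIENTS = {
    "client-a": {"vpn_ip": "10.8.0.10", "bmc": ["10.20.1.11", "10.20.1.12"]},
    "client-b": {"vpn_ip": "10.8.0.11", "bmc": ["10.20.2.21"]},
}
VPN_NET = ipaddress.ip_network("10.8.0.0/24")   # assumed tunnel subnet
BMC_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed management VLAN range
TUN_IF = "tun0"                                 # assumed OpenVPN interface


def validate(clients):
    """Reject reused tunnel IPs and BMC addresses that are shared or out of range."""
    seen_vpn, seen_bmc = set(), set()
    for cn, c in clients.items():
        vpn = ipaddress.ip_address(c["vpn_ip"])
        if vpn not in VPN_NET or vpn in seen_vpn:
            raise ValueError(f"{cn}: bad or duplicate tunnel IP {vpn}")
        seen_vpn.add(vpn)
        for addr in c["bmc"]:
            ip = ipaddress.ip_address(addr)
            if ip not in BMC_NET or ip in seen_bmc:
                raise ValueError(f"{cn}: BMC {ip} out of range or already assigned")
            seen_bmc.add(ip)


def ccd_file(client):
    """Contents of the client-config-dir file named after the client's CN."""
    # Pushed routes are a convenience only; the firewall rules are the control.
    lines = [f"ifconfig-push {client['vpn_ip']} {VPN_NET.netmask}"]
    lines += [f'push "route {ip} 255.255.255.255"' for ip in client["bmc"]]
    return "\n".join(lines) + "\n"


def firewall_rules(clients):
    """Allow each tunnel IP to its own BMCs only, then drop all other VPN traffic."""
    validate(clients)
    rules = []
    for cn in sorted(clients):
        for ip in clients[cn]["bmc"]:
            rules.append(
                f"iptables -A FORWARD -i {TUN_IF} -s {clients[cn]['vpn_ip']} -d {ip} -j ACCEPT"
            )
    # Return traffic is assumed to be covered by an existing ESTABLISHED,RELATED rule.
    rules.append(f"iptables -A FORWARD -i {TUN_IF} -j DROP")
    return rules
```

The source-IP rules are only meaningful if a client cannot pick its own tunnel address, which is why the fixed `ifconfig-push` per CN matters.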
Well looks to all be a moot point here as OP was banned 🤣
He was a scammer.
ScamTag.
@JackH @trewq It would be a nice thing if in a banned member's wall we could see the reason for the ban and if it is a temp or perm one. Just a suggestion.
And if it's a temporary ban, can we see the time?