cma at cmadams.net
Mon Jun 2 13:28:33 UTC 2014
Once upon a time, shawn wilson <ag4ve.us at gmail.com> said:
> So, kinda the same idea - just put IPMI on another network and use ssh
> forwards to it. You can have multiple boxes connected in this fashion
> but the point is to keep it simple and as secure as possible (and IPMI
> security doesn't really count here :) ).
For basic IPMI, SSH forwards will work, but some of the web/Java based
KVM-over-IP on IPMI BMCs tend to not work well with that.
For IPMI things like power control and serial-over-LAN, I put the IPMI
on a separate VLAN (most semi-recent BMCs can handle a VLAN tag) and
then just use "ipmitool" on a Linux system connected to the same VLAN
(no port-forwarding or VPN required). I only use a VPN-type setup when
I need to use a KVM console.
Chris Adams <cma at cmadams.net>
More information about the NANOG