0

Servers are both Debian 9. According to Debian package search they are version 2.5.10.

I need to find out if replication as described here Cyrus Documentation: Replication is encrypted over the WAN.

I know it can be with version 3+, as the replication protocol has been changed to use IMAP itself, which can be over SSL/TLS. That would however require a custom build on Debian.

I need to decide if I need to set up an IPSEC tunnel before I deploy it? or do I make a custom build?

birdwes
  • 98
  • 1
  • 2
  • 12
  • It seems very unlikely, as there isn't any configuration option for encryption in the old csync protocol. – Michael Hampton Oct 08 '18 at 20:32
  • That's what I feared. The master is in a data-centre 650 miles away. The slave is here at home. – birdwes Oct 08 '18 at 20:43
  • @MichaelHampton, if you could please suggest that I use an IPSEC tunnel, I'll mark your question correct and explain fully how I did it, and what the pitfalls are. Thank you for being a good moderator. – birdwes Oct 12 '18 at 21:44
  • If you solved the problem yourself, you can and should [answer your own question](/help/self-answer). – Michael Hampton Oct 13 '18 at 01:57
  • OK, thanks @MichaelHampton, I'll post up some diagrams tomorrow. It relates to another question too. – birdwes Oct 13 '18 at 19:43

1 Answers1

0

My solution, was to deploy StrongSwan, an IPSEC tunnel, not wanting to have to spend much time looking at source code of Cyrus.

There is a description here: Debian 9 dummy network adapter - works on Local but not Remote?

There is a diagram too. See my answer on that thread for corrections to it. i.e. do not use the dummy network interface. It is unreliable.

birdwes
  • 98
  • 1
  • 2
  • 12