Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] bacula and TLS

2008-06-30 04:08:46
Subject: Re: [Bacula-users] bacula and TLS
From: Arno Lehmann <al AT its-lehmann DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 30 Jun 2008 10:07:44 +0200 
Hi,

30.06.2008 04:58, Jon Schewe wrote:
> Has anyone setup bacula to use TLS?

Yes.

> I'd like to use it to backup a host
> across the Internet,

You might also consider a VPN for that purpose... if the jobs are 
running very long (typical for full backups and low-bandwidth 
connections) and the connection is restet in-between, Bacula itself 
would fail the jobs. A VPN might re-establish the connection 
transparently for Bacula.

> but I'm having little success. I've set debugging 
> up to 200 in the console and in the file daemon and I have yet to get 
> anything terribly useful out of it. Hopefully someone has some known 
> "gotchas" that I'm missing.

I don't know any gotchas - I found the connection encryption setup 
quite straightforward - but here are some links which might help you:
http://www.devco.net/pubwiki/Bacula/TLS/
http://www.freebsddiary.org/bacula-tls.php
(these are the ones I have in my notes as helpful for TLS setup).

> I've got my own CA and I've successfully created a cert for it, works
> with apache and dovecot. I've told the file daemon, director and storage
> daemon to all use the same cert for now, as for testing they are all on
> the same machine.

Well, you're not telling us your exact configuration, so we can't know 
if you need to distribute key files, TLS require settings, or something...

> However when I try and connect to the client for
> status I get a handshake error.

Which error?

> If I turn off peer verification I can
> get status, however the connection from the file daemon to the storage
> daemon fails.

You really need to tell us more... configuration snippets and exact 
error messages at least, and of course we need to know which TLS 
related files you use, i.e. which files are identical, which need a 
password for openSSL, and so on...

Arno

-- 
Arno Lehmann
IT-Service Lehmann
www.its-lehmann.de

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] readline support, Thomas Mueller
Next by Date:  [Bacula-users] Need configuration for storageloader lto 2, rangga
Previous by Thread:  [Bacula-users] bacula and TLS, Jon Schewe
Next by Thread:  Re: [Bacula-users] bacula and TLS, Jon Schewe
Indexes:  [Date] [Thread] [Top] [All Lists]