LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Securing dark fibre (https://www.linuxquestions.org/questions/linux-networking-3/securing-dark-fibre-4175542333/)

Ipolit 05-12-2015 01:03 AM
Securing dark fibre
 
Hello,
we have 2 offices which are connected with optic fibre. The connection is direct, not via Internet - dark fibre. We want all the computers from both offices to be in one LAN without routing and VPNs. But also if some one cuts the fibre and puts a media converter between, he will be able to access both ends of the fibre. For sure this will break the connection between offices, but still we think this is a security issue.
Is there relatively simple way to make sure that to both sides of the fibre are connected my machines, but not someone else?

Thank you in advance

lazydog 05-12-2015 10:10 AM
Dark Fiber is the responsibility of the company you are leasing it from. There is no real way to ensure that someone doesn't cut the fiber. Should it drop for what ever reason you should contact the fiber provider and have them check the cable anyway.

As to is there a way to check this? You could get a light reading when you first light it up then you have a base line. Should anything be added the reading will change.

MikeDeltaBrown 05-12-2015 11:36 AM
It sounds like you want a bridging VPN.

Take a look at this:
https://openvpn.net/index.php/open-s...-bridging.html

jefro 05-12-2015 08:57 PM
A vpn of some kind.

The endpoints may have a vpn in it already.

Ipolit 05-15-2015 01:06 AM
We made it with L2TP IPSec connection and between L2TP interfaces we made EoIP tunnel. Works fine, but requires relatively powerful hardware for encrypting/decrypting the gigabite connection. We will use 9 core CPU Mikrotiks on both sides.

jefro 05-15-2015 02:35 PM
Thanks for the update and solution.


All times are GMT -5. The time now is 09:20 AM.