Hi,
On Fri, May 8, 2020 at 3:18 PM Angus Clarke via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> We run our IPA infrastructure globally with VPN connected sites, no issue
> there. I don't have experience of road warrior VPN clients though. I'm not
> sure how IPA behaves when hosts connect with possibly different FQDNs for
> example.
>
I have my laptop joined to a FreeIPA domain and it often moves to
different networks where it has different FQDNs.
It shows up as hostname.ipadomain in FreeIPA (which doesn't match its name
on the networks) and I've never had any issue. I suspect client hostnames
are not really important.
I do run a publicly accessible FreeIPA instance; it's personal, not
commercial, so I'm willing to assume the risks. There are hardening
sections in the official docs, although at no point is there explicit
information about whether it's safe or not to expose FreeIPA to the
Internet. In discussions here I think it's widely considered that you
shouldn't do that, though. I'd love that to be a feature, but I understand
in most places it's not an issue.
Cheers,
Álex