Hi,
On Fri, May 8, 2020 at 3:18 PM Angus Clarke via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
We run out IPA infrastructure globally with VPN connected sites, no issue there. I don't have experience of road warrior VPN clients though. I'm not sure how IPA behaves when hosts connect with possibly different FQDNs for example.
I have my laptop joined to a FreeIPA domain and it often moves to different networks where it has different FQDNs.
It shows up as hostname.ipadomain in FreeIPA (which doesn't match its name on the networks) and I've never had any issue- I suspect client hostnames are not really important.
I do run a publicly accessible FreeIPA instance- it's personal, not commercial, so I'm willing to assume the risks. There are hardening sections in the official docs, although at no point there's explicit information about whether it's safe or not to expose FreeIPA to the Internet. In discussions here I think it's widely considered that you shouldn't do that, though. I'd love that to be a feature, but I understand in most places it's not an issue.
Cheers,
Álex
It shows up as hostname.ipadomain in FreeIPA (which doesn't match its name on the networks) and I've never had any issue- I suspect client hostnames are not really important.
Sorry, correction. My laptop's hostname *IS* hostname.ipadomain. When it connects to different networks, the DNS servers there resolve that hostname in their domain, though, but I don't think the laptop is "aware" of that, although it has a new search domain in resolv.conf...
freeipa-users@lists.fedorahosted.org