> Skip does not function very well with a plug gateway. Any encryption =
> schema using IP header information fails when either NAT or a proxy =
> changes the header.=20
That's true. Security and convenience are often contraindicated. If you
let people do clever things with IP headers the results can be good or
bad. Personally, I think that having IP addresses as part of your security
> Plugs do not cover round robin DNS functionality for web servers.
Sure they do. You can bind different plugs to different IP addresses on the
outside. It's hard to do with plug-gw but my plugdaemon handles it... and
it also has the ability to do round-robin itself.
> The skill comes in securing the connection with as little loss of =
> functionality as is possible.
The skill comes in satisfying the business needs without abandoning any
more security than is necessary.