[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Wishes for future versions


  • Subject: Re: [Openvpn-users] Wishes for future versions
  • From: Rainer Sokoll <R.Sokoll@xxxxxxxxxxxx>
  • Date: Tue, 1 Jun 2004 12:20:56 +0200

On Tue, Jun 01, 2004 at 01:32:25PM +0100, Miika Keskinen wrote:

> >my very personal feature requests ;-)
> >- as stated in the past: dropping down the routes into the direct
> > connected network would make the VPN more secure.
> > 
> >
> If I understood what you mean --redirect-gateway does that.

No, in short:
Assumed you are in a cusomer's LAN and have 1.1.1.1/24 on your ethernet.
If you have openvpn up and running (included redirected gatway), you
still have a route to 1.1.1.0/24 via your local ethernet interface. So,
your client will be connected both to the (trusted) VPN and the
(untrusted) customer's LAN at the same time.

> Radius for authentication is poor and vulnerable choice. iirc 
> http://www.untruth.org/~josh/security/radius/radius-auth.html this 
> explained some of them.

Interesting reading.

Rainer

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users