Re: [Openvpn-users] Wishes for future versions

[Miika Keskinen <weeti@xxxxxxxxx>]

Rainer Sokoll wrote:

> On Tue, Jun 01, 2004 at 01:32:25PM +0100, Miika Keskinen wrote:
>
>>> my very personal feature requests ;-) - as stated in the past:
>>> dropping down the routes into the direct connected network
>>> would make the VPN more secure.
>>>
>>>
>> If I understood what you mean --redirect-gateway does that.
>
>
> No, in short: Assumed you are in a cusomer's LAN and have
> 1.1.1.1/24 on your ethernet. If you have openvpn up and running
> (included redirected gatway), you still have a route to 1.1.1.0/24
> via your local ethernet interface. So, your client will be
> connected both to the (trusted) VPN and the (untrusted) customer's
> LAN at the same time.

aa. it should be easy. If someone want's I can code patch to enable
that feature.

>> Radius for authentication is poor and vulnerable choice. iirc
>> http://www.untruth.org/~josh/security/radius/radius-auth.html
>> this explained some of them.
>
>
> Interesting reading.
>
> Rainer
>
>
> ------------------------------------------------------- This SF.Net
> email is sponsored by: Oracle 10g Get certified on the hottest
> thing ever to hit the market... Oracle 10g. Take an Oracle 10g
> class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________ Openvpn-users
> mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users