The problem as a whole (VPNned clients adding new entrypoints, and thus security risks, to a network) is inherent, and thus something that can't be completely eliminated.

That said, you'll do some amount of good by using "redirect-gateway"; that will make communications w/ a system that's outside of the subnet you're on (in this case, the network at Starbucks) go through the remote network. This still won't help w/ traffic that initiates from the more malicious consumers of bad coffee (or some malicious code on their laptops), since they're on the same subnet as you and traffic to and from them doesn't go through any gateway.

My company's policy requires VPNned clients to run firewalls and (if on Windows) 3rd-party tools to scan for viruses and other malware. This kind of preventative action (combined with restrictive firewall rules for incoming connections) is probably your best option.

If we had the resources, we'd also be running a NIDS on our VPN server to look for attacks coming from VPNned clients. Alas, we don't have the available sysadmin hours to set that up, much less maintain and review it.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
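
The routing behaviour described in the message above, as an added example that is not part of the original post: a longest-prefix-match model of a client's routing table with and without "redirect-gateway", showing that off-subnet traffic moves into the tunnel while same-subnet peers stay directly reachable. The addresses, interface names and the `def1`-style pair of /1 routes are assumptions chosen for illustration.

```python
import ipaddress

def build_routes(local_subnet, local_gw, vpn_gw, vpn_server, redirect_gateway):
    """Model a VPN client's routing table as (network, next_hop, interface)."""
    net = ipaddress.ip_network
    routes = [
        (net(local_subnet), "on-link", "wlan0"),   # the hotspot subnet itself
        (net("0.0.0.0/0"), local_gw, "wlan0"),     # default route from DHCP
    ]
    if redirect_gateway:
        # Host route so the encrypted tunnel packets still leave via the hotspot.
        routes.append((net(vpn_server + "/32"), local_gw, "wlan0"))
        # Assumed def1 behaviour: two /1 routes that override the default route.
        routes.append((net("0.0.0.0/1"), vpn_gw, "tun0"))
        routes.append((net("128.0.0.0/1"), vpn_gw, "tun0"))
    return routes

def path(routes, dest):
    """Classify how a packet to dest leaves the client (longest prefix wins)."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    _, hop, iface = max(matches, key=lambda r: r[0].prefixlen)
    if iface == "tun0":
        return "tunnel"
    return "local-direct" if hop == "on-link" else "local-gateway"

# Constructed sample values (documentation and private address ranges).
HOTSPOT = dict(local_subnet="192.168.1.0/24", local_gw="192.168.1.1",
               vpn_gw="10.8.0.1", vpn_server="203.0.113.10")
DESTINATIONS = {
    "internet host": "198.51.100.7",
    "corporate host": "10.20.0.5",
    "hotspot neighbour": "192.168.1.50",
    "VPN server": "203.0.113.10",
}

def compare():
    """Return {label: (path without redirect, path with redirect)}."""
    off = build_routes(redirect_gateway=False, **HOTSPOT)
    on = build_routes(redirect_gateway=True, **HOTSPOT)
    return {k: (path(off, d), path(on, d)) for k, d in DESTINATIONS.items()}

if __name__ == "__main__":
    for label, (before, after) in compare().items():
        print(f"{label:18} without: {before:14} with: {after}")
```

The hotspot neighbour stays `local-direct` in both cases, which is why the host firewall rules for incoming connections mentioned in the message are still needed.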