openvpn@xxxxxxxxxxxxxxxxxxxx wrote:
> Hi,
>
> Checkpoint VPN and other commercial VPN solutions include a firewall on
> the client which is managed by the central company via profiles.
>
> The idea is to guarantee that the VPN user won't be a bridge between the
> intranet and the internet via some spyware or other stuff as one basically
> cannot control the remote VPN client. The firewall at least prevents any
> unauthorized communication.

What are the terms of this guarantee?

> The VPN and firewall have to be integrated to make sure that the firewall
> is on and tight before opening up the VPN tunnel.
>
> I actually cannot imagine how to do a tamper-proof open source solution to
> that,

I can't imagine how to tamper-proof any solution.

> even if one knew the API for the Windows XP SP2 firewall or others.
> As soon as the interface is known, there can always be some kind of
> tampering ... Maybe with reduced user rights it is possible.
>
> Anyway, I am looking for an OpenVPN plugin on Windows that will control
> the Windows firewall accordingly.

I'm really trying to figure out how to make this observation without sounding sarcastic, it's not my intention, really. Remote (automated) control of the client firewall is a ?good? idea?

Yes. I see the problem, I see it clearly, and it bothers me, but this does NOT look like a solution to me, this looks like yet another possible vector of compromise.

> I have had discussions with customers where this was the crucial point
> against OpenVPN, outweighing all the positive points of OpenVPN.

On the other side, there is the concept of due diligence; "We see the lack of ability to protect the "bridge" implied in an internet connected remote client as an unaddressed issue in openvpn, and this software addresses the issue."

> Regards,
> Schlomo
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users