Date: Sun, 04 Dec 2005 16:57:29 +1300
From: Jason Haar <Jason.Haar@xxxxxxxxxxxxx>
Organization: Trimble Navigation Ltd.
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] http-proxy questions
Mathias Koerber wrote:
b) But I realize that OpenVPN only supports Basic and NTLM proxy
authentication, which would leave that proxy vulnerable when the
passwords gets sniffed.
Actually, NTLM is resistant to sniffing.
Also - what's wrong with "allow from"? Why not drop requiring
authentication, and just restrict it to the appropriate IP addresses?
Because I don't know what IP addresses I will be coming from?
The problem is that I need to use the VPN from public sites.
A few sites I found only allow access outside their network on
to a limited set of destination port #.
So my plan is to provide a 'http-proxy' on my server (which is reachable
from the Internet). Obviously that proxy must be secured against abuse
(HTTP proxies allowing 'CONNECT' are great for spammers).
I also cannot hardcode any deatination as I have 3 servers I may need
to VPN, and that may increase.
Finally, if you actually control the server, why not just run OpenVPN
directly on it, and route via it to the other sites?
i.e. client - > router-instead-of-proxy->end server
Because that is not the problem. I can do that for my inside clients,
but not when i try to connect from anywhere on the 'net.
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-12/msg00066.html on line 200
Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-12/msg00066.html on line 200
|