On Mon, 2006-01-02 at 16:06 +0100, Jon Bendtsen wrote:
> On Monday 2 Jan at 14:18, John A. Sullivan III wrote:
>
> > Hello, all. I was fascinated to see a reference to using NMAP in the
> > client scripts. It sounds like we have the opportunity to do some sort
> > of end point security check before allowing connections. That would be
> > a powerful alternative to some of the proprietary SSL solutions.
> >
> > However, I can also see all sorts of shortcomings. For example, if we
> > check for open ports and the client is behind a NAT firewall which also
> > protects public servers on a DMZ, I would imagine we would show false
> > positives.
>
> Why not just check both the outside of the tunnel and the inside, and
> then compare the results?

<snip>

If we do that, we could simply test inside the tunnel but do we have access to test inside the tunnel before we have finalized the tunnel? In other words, if the purpose of this test is to see if it is safe to allow the user to establish a tunnel, how do we check the inside before we allow the tunnel? The address is accessible in the client-connect script. Can we actually send traffic to it before that script has concluded? Thanks - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users