|
|
Den mandag 6.feb kl. 19:07 skrev Steve Willis: Greetings,
(2) Many of my users share a common physical location that already has a real LAN setup. I want to make several Samba servers available to the VPN that are currently available on these LANs. I'd like to avoid the overhead of routing traffic through our offsite OpenVPN server for accessing Samba shares that are already on a user's LAN. Is there a way to ensure that when a Samba share name is available via the VPN and LAN, the LAN is chosen as a route? Note that I don't want to do any permanent routing on the client side, because many users will want to connect their laptops both in and out of the office, and I'd like the network to always "just work". (I realize this is really a Samba question, since OpenVPN IP addresses are unambiguous, whereas share names are not...) How data are routed depends on your routing table. So you just need to ensure that the client has the right routing table. Like using a connection script that pushes the right routes to the client depending on the ip address of the client. (3) Is there a way to ensure that Windows XP users can't accidentally bridge the TUN device to an insecure LAN? For example, if a user is using their laptop at a cafe, can I be sure that they can't accidentally expose the private network to the public wireless network? No, that is not possible, just like you can not prevent the user from giving his laptop to someone else. JonB
Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00096.html on line 219 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00096.html on line 219 |