Re: [Openvpn-users] using openvpn to encrypt commication on a LAN

[Mike Meyer <mwm-dated-1149688692.ef8bfa@xxxxxxxxx>]

In <op.taittxbeioehzu@xxxxxxxxxxxxxxxxxxxxx>, Tony <kb2wjw@xxxxxxxxx> typed:
> On Fri, 02 Jun 2006 17:01:16 +0400, Jim Drash <jim.drash@xxxxxxxxx> wrote:
> > No offense, but what a Red Herring! A well implmented firewall will  
> > block all that stuff.  Assuming you are using Linux with iptables.
> I'm on winXP-SP2.
> > That is why you are running Open VPN.
> I'm running OpenVPN to connect to my LAN while on the run.
> 
> I strongly feel that the best defence is to have none of the vulnerable  
> traffic at all.
> In UNIX world all (knowledgeable) admins stop the unnesessary services,  

And knowledge network admins believe in "defense in depth". Yup, a
well-implemented firewall will stop all that stuff. Do you believe
your firewall is perfect? If you do, I have a bridge you might be
interested in. If you don't, then having things set up so you're still
safe if the firewall gets crocked makes sense.

> So, even without any firewall I'm sure I'm well protected.

Well, for a road warrior system, maybe. For a fixed network, you want
at least another firewall of some sort beyond your box. If you're
paranoid, you want a DMZ.

Which brings me to a question:

Does everyone just let their VPN run straight through their DMZ (which
sort of defeats the purpose of having the DMZ), or is someone out
there using a relay of some sort in the DMZ? If the latter, care to
describe it?

	Thanks,
	<mike
-- 
Mike Meyer <mwm@xxxxxxxxx>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users