On 11/4/10 7:31 AM, Rob Kampen wrote:
> Ross Walker wrote:
>> On Nov 3, 2010, at 9:24 PM, Ben McGinnes <b...@adversary.org> wrote:
>>
>>> On 4/11/10 10:35 AM, Ross Walker wrote:
>>>
>>>> On Nov 3, 2010, at 7:01 PM, John R Pierce <pie...@hogranch.com> wrote:
>>>>
>>>>> On 11/03/10 3:46 PM, Ross Walker wrote:
>>>>>
>>>>>> I just think VPNs' time has come and gone.
>>>>>>
>>>>> VPN's have another use entirely, which is linking LAN segments over the
>>>>> internet to create a private WAN.
>>>>>
>>>> Yes, of course, those will remain and I use those across routers and
>>>> concentrators, but the personal VPNs aren't necessary.
>>>>
>>> I'm just guessing here, but you live in a country that doesn't (or
>>> isn't trying to introduce) mandatory censorship and/or data retention.
>>> Right?
>>>
>>> Those of us in the antipodes have a whole different reason for wanting
>>> VPN connections to such insecure points as "shared hosting" or VPS
>>> systems.
>>>
>>
>> I don't have to encrypt from my government, but I am required to encrypt all
>> communication channels by my government, so this is all done over SSL/TLS or
>> using a protocol's native encryption.
>>
>> When I say VPN I'm specifically talking about protocols that extend the
>> internal routable network to the client PC.
>>
>> If the client PC was set up in a split pipe setup it would be like running
>> your corporate LAN with either no firewall or a consumer level firewall
>> product with questionable administration.
>>
>> You can filter within the VPN which protocols are passed but then at this
>> point wouldn't it be better to do this at the firewall anyways?
>>
>> -Ross
>>
> I've been watching this thread and offer the following observation.
> Some years ago when working in the corporate world - most internet connections
> were still via modem - I used to connect via VPN to the corporate network from
> remote offices. Even though I was connected via ethernet to the local office,
> the VPN connection, once established, became my only route, i.e. the local
> network appeared to be disconnected and the laptop (or PC) could only see and
> connect to the corporate IP address ranges that had been established via the
> VPN software - this also used one time password keys.
> Thus security was complete other than the ability to get files from the
> corporate network onto the local PC - although difficult and cumbersome.
> Once the VPN was disconnected the local network was once again working.
> This was on Windoze clients to Linux and other corporate servers.
> Wondering if this kind of setup is possible with any of the mentioned VPN
> products?

OpenVPN can redirect your default gateway to send everything (except itself)
through the remote, but it doesn't really enforce keeping it that way. That is,
a knowledgeable user could add local routes back after starting it.

--
Les Mikesell
lesmikes...@gmail.com
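
An added example, not part of the message above and not OpenVPN's own code: a route-table audit a client administrator could run to see whether the redirected gateway is still the only way out. It assumes a Linux client, OpenVPN's `redirect-gateway def1` option (which installs the two /1 routes), and constructed device names and addresses; `parse_routes` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed `ip -4 route show` output from a Linux client whose OpenVPN
# config uses "redirect-gateway def1". All addresses and device names are
# made up; the last line stands for a route added back by hand afterwards.
SAMPLE = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
198.51.100.7 via 192.168.1.1 dev eth0
203.0.113.0/24 via 192.168.1.1 dev eth0
"""
HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}

def parse_routes(text):
    """Yield (network, device, has_gateway) for each parsable route line."""
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" are ignored here
        yield net, fields[fields.index("dev") + 1], "via" in fields

def audit(text, tun_dev, vpn_server):
    """Return (kind, prefix) findings for traffic that can leave outside the tunnel."""
    routes = list(parse_routes(text))
    server = ipaddress.ip_network(vpn_server)
    in_tunnel = {net for net, dev, _ in routes if dev == tun_dev}
    findings = []
    redirected = HALVES <= in_tunnel or ipaddress.ip_network("0.0.0.0/0") in in_tunnel
    if not redirected:
        findings.append(("no-redirect", "0.0.0.0/0"))
    for net, dev, has_gateway in routes:
        if dev == tun_dev or net == server:
            continue  # tunnel routes, and the host route that carries the tunnel
        if net.prefixlen == 0:
            continue  # original default: shadowed by the /1 pair when redirected
        findings.append(("bypass-route" if has_gateway else "local-lan", str(net)))
    return findings

if __name__ == "__main__":
    for kind, prefix in audit(SAMPLE, "tun0", "198.51.100.7"):
        print(f"{kind:13} {prefix}")
```

The `local-lan` finding is the directly attached subnet, which stays reachable outside the tunnel; `bypass-route` is a gatewayed route that is more specific than the /1 pair. The check reports drift in the routing table but does not prevent it.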