On 11/4/10 7:31 AM, Rob Kampen wrote:
> Ross Walker wrote:
>> On Nov 3, 2010, at 9:24 PM, Ben McGinnes<b...@adversary.org>  wrote:
>>
>>
>>> On 4/11/10 10:35 AM, Ross Walker wrote:
>>>
>>>> On Nov 3, 2010, at 7:01 PM, John R Pierce<pie...@hogranch.com>  wrote:
>>>>
>>>>
>>>>> On 11/03/10 3:46 PM, Ross Walker wrote:
>>>>>
>>>>>> I just think VPNs' time has come and gone.
>>>>>>
>>>>> VPNs have another use entirely, which is linking LAN segments over the
>>>>> internet to create a private WAN.
>>>>>
>>>> Yes, of course, those will remain and I use those across routers and
>>>> concentrators, but the personal VPNs aren't necessary.
>>>>
>>> I'm just guessing here, but you live in a country that doesn't (or
>>> isn't trying to introduce) mandatory censorship and/or data retention.
>>> Right?
>>>
>>> Those of us in the antipodes have a whole different reason for wanting
>>> VPN connections to such insecure points as "shared hosting" or VPS
>>> systems.
>>>
>>
>> I don't have to encrypt from my government, but I am required to encrypt all 
>> communication channels by my government, so this is all done over SSL/TLS or 
>> using a protocol's native encryption.
>>
>> When I say VPN I'm specifically talking about protocols that extend the 
>> internal routable network to the client PC.
>>
>> If the client PC was set up in a split pipe setup it would be like running 
>> your corporate LAN with either no firewall or a consumer level firewall 
>> product with questionable administration.
>>
>> You can filter within the VPN which protocols are passed but then at this 
>> point wouldn't it be better to do this at the firewall anyways?
>>
>> -Ross
>>
>>
> I've been watching this thread and offer the following observation.
> Some years ago when working in the corporate world - most internet connections
> were still via modem - I used to connect via VPN to the corporate network from
> remote offices. Even though I was connected via ethernet to the local office,
> the VPN connection, once established, became my only route, i.e. the local
> network appeared to be disconnected and the laptop (or PC) could only see and
> connect to the corporate IP address ranges that had been established via the
> VPN software - this also used one-time password keys.
> Thus security was complete other than the ability to get files from the
> corporate network onto the local PC - although difficult and cumbersome.
> Once the VPN was disconnected the local network was once again working.
> This was on Windoze clients to Linux and other corporate servers.
> Wondering if this kind of setup is possible with any of the mentioned VPN
> products?

OpenVPN can redirect your default gateway to send everything (except itself)
through the remote, but it doesn't really enforce keeping it that way.  That is,
a knowledgeable user could add local routes back after starting it.

-- 
   Les Mikesell
    lesmikes...@gmail.com




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
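
Because the redirect is not enforced, an administrator can audit a client's routing table for routes that still lead around the tunnel. The sketch below is an added example, not code from this thread or from the OpenVPN project; the interface names, the addresses and the sample `ip route` output are constructed, IPv4 only, and it assumes the client uses the `redirect-gateway def1` form, which installs two /1 routes on the tunnel instead of replacing the default route.

```python
import ipaddress

# Constructed `ip route` output for a Linux client. Assumed names: tun0 is the
# OpenVPN interface, eth0 the local NIC, 198.51.100.10 the VPN server.
SAMPLE = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
198.51.100.10 via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
172.16.0.0/12 via 192.168.1.254 dev eth0
"""

def parse_routes(text):
    """Return [(network, device)] for every parsable line of `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." entries
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def routes_outside_tunnel(text, tun_dev, vpn_server):
    """List (prefix, device) routes that still carry traffic around the tunnel."""
    routes = parse_routes(text)
    tunnel = [net for net, dev in routes if dev == tun_dev]
    server = ipaddress.ip_network(vpn_server)
    findings = []
    for net, dev in routes:
        if dev == tun_dev or net == server:
            continue  # tunnel route, or the host route OpenVPN needs for itself
        # Longest-prefix match: this route is dead only if strictly more
        # specific tunnel routes together cover every address in it.
        narrower = [t for t in tunnel if t.version == net.version
                    and t.prefixlen > net.prefixlen and t.subnet_of(net)]
        if list(ipaddress.collapse_addresses(narrower)) != [net]:
            findings.append((str(net), dev))
    return findings

if __name__ == "__main__":
    for prefix, dev in routes_outside_tunnel(SAMPLE, "tun0", "198.51.100.10"):
        print(f"outside tunnel: {prefix} via {dev}")
```

On the sample, the original default route is not reported because the two /1 tunnel routes shadow it, while the connected LAN and the re-added 172.16.0.0/12 route are.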