Hi.
On 19.03.2013 12:56, Yoann Gini wrote:
Even if it’s not built-in the L2TP / PPTP standard, the rest of the world do
it, and need it by the way. Using the VPN gateway as a default one is not
acceptable when it’s made to secure access to specific resources only (i.e:
Split Tunneling), as a provider, I don’t want to handle all network traffic
from road-warriors, I don’t care about their FaceBook traffic, I just want they
corporate one.
No questions here, this feature is highly demanded, but still, standard
pptp/l2tp implementation just doesn't support it by design.
With VPN, also regularly come VPN on Demand, a settings on the client side
allowing the system to automatically start VPN connection when the user request
for a specific domain (like private.example.com). And if the authentication is
fully based on certificate, the user don’t see any authentication request.
This kind of highly demanded feature today can’t be address if at the beginning
we don’t have split tunneling…
Well, that’s a big big problem for me and force me to review all my plan about
this network and also with my OS X Server replacement project made from a
standard FreeBSD…
Ofc there's many VPN implementation that supports this feature. But most
of them are not compatible with each other, or just aren't available on
some platforms. There are lots of modern fancy SSL-VPNs, but their
ideology is an ideology of a custom VPN client, like Cisco EzVPN, or
even openvpn (which I personally hate). In the same time, mpd is good
where you need to have interoperability. Unfortunately, there's bo
silver bullet yet.
Eugene.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
