On Tuesday, January 19, 2016 02:15:17 AM lee wrote: > <waben...@gmail.com> writes: > > lee <l...@yagibdah.de> wrote: > >> Rich Freeman <ri...@gentoo.org> writes: > >> > On Sun, Jan 17, 2016 at 6:38 AM, lee <l...@yagibdah.de> wrote: > >> >> Suppose you use a VPN connection. How do does the client > >> >> (employee) secure their own network and the machine they're using > >> >> to work remotely then? > >> > > >> > Poorly, most likely. Your data is probably not nearly as important > >> > to them as their data is, and most people don't take great care of > >> > their own data. > >> > >> That's not what I meant to ask. Assume you are an employee supposed > >> to work from home through a VPN connection: How do you protect your > >> LAN? > > > > Depends on the VPN connection. If you use an OpenVPN client on your PC > > then it is sufficient to use a well configured firewall (ufw, iptables > > or whatever) on this PC. > > The PC would be connected to the LAN, even if only to have an internet > connection for the VPN. I can only guess: Wouldn't that require to put > this PC behind a firewall that separates it from the LAN to protect the > LAN? > > > If you use a VPN gateway then you could > > configure this gateway (or a firewall behind) in a way that it blocks > > incoming connections from the VPN tunnel. > > Hm. I'd prefer to avoid having to run another machine as such a > firewall because electricity is way too expensive here. And I don't > know if the gateway could be configure in such a way. > > > IMHO there is no more risk to use a VPN connection than with any other > > Internet connection. > > But it's a double connection, one to the internet, and another one to > another network, so you'd have to somehow manage to set up some sort of > double protection. Setting up a VPN alone is more than difficult enough > already.
Some of the companies I work with have the laptops set up that when they are not connected to the office-LAN, they will only talk via a VPN link to the company. No network connectivity (apart from what's necessary for the VPN) will work till the VPN is set up. Any ideas on how to do this using Linux without having to become root to set it up myself? I like network manager for the ease of setting up WIFI links. -- Joost
