On 21/03/11 02:41, Etzion Bar-Noy wrote:
It is common that the VPN provider policy *prevents* you from
connecting to multiple networks (theirs and someone else's). The logic
behind it is to prevent data leaks, especially accidental ones, by combining
somehow their network with someone else's.
You have to connect to some network in order to get the VPN packets out.
So - this poses no problem to be dealt with. The common problem is
that your local home network overlaps one of the organization's
networks. Some of the VPN clients place themselves in the network
interface stack, so they hijack the packets to their correct
destination(s). That is the common reason (except for time and effort)
that Linux clients are more rare. This operation is somewhat more
complicated there, and would require root access.
Hijacking the outgoing packets does not solve the routing conflict. When
I send a packet to 172.27.245.17, you somehow need to know whether that
is the 172.27.245.17 that is visible through the VPN, or the one visible
locally. Hijacking ALL outgoing packets rarely makes sense.
Hijacking the network interface does allow you to route the ENCRYPTED
packet without going into routing loops, and is the reason this is done.
Still, you are hiding parts of the network if there is a conflict.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
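
The routing conflict discussed in the message above, as an added example that is not part of the original mail: it finds overlaps between local and VPN routes and shows which interface a longest-prefix-match lookup would pick. The route tables and interface names (eth0, tun0) are constructed assumptions; only the address 172.27.245.17 comes from the mail.

```python
import ipaddress

# Constructed sample tables (prefix, interface); only 172.27.245.17 comes from the mail.
LOCAL_ROUTES = [("172.27.245.0/24", "eth0"), ("0.0.0.0/0", "eth0")]
VPN_ROUTES = [("172.27.0.0/16", "tun0"), ("10.8.0.0/24", "tun0")]


def parse(routes):
    return [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes]


def find_conflicts(local, vpn):
    """List (local_net, vpn_net, hidden_side) for each overlapping pair of non-default routes."""
    conflicts = []
    for lnet, _ in parse(local):
        for vnet, _ in parse(vpn):
            if lnet.prefixlen == 0 or vnet.prefixlen == 0 or not lnet.overlaps(vnet):
                continue
            # The more specific prefix wins, so the overlapping part of the
            # other side becomes unreachable ("hidden").
            if lnet.prefixlen > vnet.prefixlen:
                hidden = "vpn"
            elif lnet.prefixlen < vnet.prefixlen:
                hidden = "local"
            else:
                hidden = "ambiguous"  # same prefix: route metrics decide, not modelled here
            conflicts.append((str(lnet), str(vnet), hidden))
    return conflicts


def egress(dst, local, vpn):
    """Longest-prefix match over both tables; returns the chosen interface."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in parse(local) + parse(vpn) if addr in net]
    if not matches:
        return None
    best = max(net.prefixlen for net, _ in matches)
    devs = {dev for net, dev in matches if net.prefixlen == best}
    return devs.pop() if len(devs) == 1 else "ambiguous"


if __name__ == "__main__":
    for conflict in find_conflicts(LOCAL_ROUTES, VPN_ROUTES):
        print("overlap:", conflict)
    for dst in ("172.27.245.17", "172.27.1.5", "8.8.8.8"):
        print(dst, "->", egress(dst, LOCAL_ROUTES, VPN_ROUTES))
```

With these tables the VPN-side 172.27.245.0/24 is unreachable, because the more specific local route captures it.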