On 2013-10-16 7:30 PM, Jason Haar wrote:
> On 17/10/13 10:24, Sumit Dahiya wrote:
>> MITM attack is exactly why I'd like my users to go through OpenVPN.
>>
>> So I am hearing MITM (for general internet browsing) becomes more probable
>> if my server does not use the directive "redirect-gateway def1 bypass-dhcp"
>> vs. if it were using it, correct?
>>
> Yes it is more likely, but it's 0.0001% more likely (or not: maybe more
> or less)
>
> Give it a try and see how it goes. No-one can actually answer this
> question for your situation - only you can decide if it's appropriate or not
>

As all security discussions go, you can take the discussion to any point of failure. There is no 100% security. There are too many different attack vectors out there.

Basically the redirect gateway simply forces all traffic to go up over the VPN and out the VPN server's internet circuit (in the case where you're accessing resources not on your local network). If you have advanced security products in place then this has obvious benefit. But if it's just a matter of redirect then it's basically a zero-sum game.

As someone pointed out, Hotspot VPN usage really is only about protecting you from local eavesdropping. Unless the resource you are ultimately accessing is a fully encrypted channel somewhere the encryption is non-existent.

You have to take ownership for what you can control and also understand what you can't. Typically your job is to do your best to ensure the integrity of access to your own resources. As an extreme...if Google is inserting malware on every search response there is not much you can do unless - as mentioned above - you have invested and are directing your users through a robust security infrastructure.

Cheers
C

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users