I agree there is no such thing as 100% security. Therefore, I am trying to
make my VPN users as little vulnerable as possible.

If I do not use the "redirect gateway" parameter then users would be relying
on the target website's SSL implementation and their encryption strategies. If
there are some problems with certificates etc. (or holes in security
otherwise) then my users will potentially become vulnerable to local
eavesdroppers sniffing packets over the public WiFi.

On the other hand, if I DO use the "redirect gateway" then my users will be
safe from public WiFi eavesdropping regardless of security holes in websites
they are visiting. Please let me know if this is not correct.

I understand there might be legalized sniffing happening at our ISP, their
partners or the government itself - there is nothing much we can do about
those. I will call it a security success if I can beat those hoodlums
sniffing over public WiFi.

-----Original Message-----
From: Colin Ryan [mailto:col...@caveo.ca] 
Sent: Wednesday, October 16, 2013 7:47 PM
To: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] OpenVPN Security


As all security discussions go, you can take the discussion to any point of
failure. There is no 100% security. There are too many different attack
vectors out there. Basically the redirect gateway simply forces all traffic
to go up over the VPN and out the VPN server's internet circuit (in the case
where you're accessing resources not on your local network). If you have
advanced security products in place then this has obvious benefit. But if
it's just a matter of redirect then it's basically a zero sum game. As
someone pointed out, Hotspot VPN usage really is only about protecting you
from local eavesdropping. Unless the resource you are ultimately accessing
is a fully encrypted channel somewhere the encryption is non-existent. You
have to take ownership for what you can control and also understand what you
can't. Typically your job is to do your best to ensure the integrity of
access to your own resources. As an extreme...if google is inserting malware
on every search response there is not much you can do unless - as mentioned
above - you have invested and are directing your users through a robust
security infrastructure.

Cheers

C

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

