On 03/06/15 21:54, Gert Doering wrote:
> It might be possible to actually hack together something with a wrapper
> script around openvpn that does "--setenv UV_MY_NETWORK 1.2.3.0/24",
> because "UV_" env variables are sent as push-peer-info to the server.
Yeah, I thought about that: easy enough to wrap something around Unix
installs - harder for everything else. During the install on clients we
grab their hostname and push it into their config via UV_HOSTNAME for
precisely that reason. Would be great to have other metadata in there too.

Sounds like I'm stuck with the server having to do the donkey work. All
our clients have to allow remote admin as a requirement (poor man's NAC),
so the server will log in, discover the routing table and if it's
"funky", will reconfigure the client directly to route more traffic
through the tunnel. Or maybe just generate an alert to begin with.
Should probably learn how to walk before going crazy on people's routing
tables ;-)


-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
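
The Unix wrapper idea from the quoted text, as an added example that is not part of the original message: it derives the client's directly connected IPv4 networks from `ip -4 route show` output and builds the `--setenv UV_MY_NETWORK` argument. The comma-separated value format, the function names, the sample routes and the config path are assumptions of this example; `--push-peer-info` is included because that is the client option under which `UV_` variables are sent.

```shell
#!/bin/sh
# Added example, not from the thread: derive UV_MY_NETWORK for --setenv.

# Read `ip -4 route show` output on stdin and print the directly connected
# IPv4 prefixes, comma-separated (the comma list is an assumption here).
# Default and gateway ("via") routes and tun/tap devices are skipped.
connected_networks() {
    awk '
        $1 !~ /^[0-9.]+\/[0-9]+$/ { next }      # drops "default" and host routes
        {
            dev = ""; via = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "via") via = 1
                if ($i == "dev") dev = $(i + 1)
            }
            if (via || dev ~ /^(tun|tap)/) next
            nets = nets (nets == "" ? "" : ",") $1
        }
        END { print nets }'
}

# Print the openvpn arguments for a config file and a network list.
# UV_ variables are only sent when --push-peer-info is set on the client.
openvpn_args() {
    if [ -n "$2" ]; then
        printf '%s\n' "--config $1 --push-peer-info --setenv UV_MY_NETWORK $2"
    else
        printf '%s\n' "--config $1 --push-peer-info"
    fi
}

# Constructed sample of `ip -4 route show` output on a client with the
# tunnel already up (addresses are documentation and private ranges).
sample_routes() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.57
198.51.100.0/25 dev wlan0 proto kernel scope link src 198.51.100.12
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
172.16.0.0/12 via 10.8.0.1 dev tun0
EOF
}

# A real wrapper would use:  nets=$(ip -4 route show | connected_networks)
# and then exec openvpn with these arguments; here they are only printed.
# The config path below is an assumed location.
nets=$(sample_routes | connected_networks)
openvpn_args /etc/openvpn/client.conf "$nets"
```

The value is supplied by the client, so the server side should treat it as a hint for alerting and not as an authoritative statement of the client's routing.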

