Hi, I wonder if there is an easy way to protect the client from executing ifconfig/route-statements sent by an (untrusted) server. I think of some config options like
ifconfig-limit 10.123.0.0/24 route-limit 10.111.0.0/16 route-limit 10.222.0.0/24 Any statements sent by the server not matching those networks would be ignored. I know the 'ifconfig-noexec' and 'route-nopull' options which likely could be combined with some bash scripts parsing the push-options ... but that's not an easy way :) Regards, Chris ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
