Hi,

On Mon, May 16, 2016 at 04:44:38PM +0200, Chris Laif wrote:
> Thanks Gert, I would be happy to see a feature like that. Trac ticket is
> http://community.openvpn.net/openvpn/ticket/682

Thanks, this is perfect.  (Not making any promises, but at least it's
there and won't be forgotten :) )

> I trust the remote VPN endpoint by sending packets which are designated
> to go there. I do *not* trust the remote to set up my ip addresses and
> networks. Imagine if the remote site manages to re-route my local DMZ
> network to the remote side, which forces my local clients to connect
> to some 'evil' remote service (ok ok, the firewall has to allow this
> as well, but I've seen many many improper setups). Therefore I think
> it's not a very "special-case request" :)

Well, it's different from typical "openvpn client" usage scenarios where
you connect to "your home network" or "your VPN provider", possibly even 
sending a full default route there - or a more tightly controlled
company-to-company VPN, which might not even use pushed routes but 
fully static configuration of IP addresses and routing (this is what I
use for my b2b VPN connections).  But as I said, I see your point, and
in that scenario such a filter makes sense - plus the potential to add
even more filters for other options.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
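
The risk raised in the quoted paragraph, a remote endpoint pushing a route that covers a local network, can be checked mechanically. The following is an added example, not part of the original thread and not OpenVPN code; the protected networks, the sample push string and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: local networks that must never be routed into the tunnel.
PROTECTED = [ipaddress.ip_network("192.168.50.0/24"),  # hypothetical local DMZ
             ipaddress.ip_network("10.0.0.0/24")]      # hypothetical office LAN

# Constructed sample of a server's option push (comma-separated option list).
SAMPLE_PUSH = ("PUSH_REPLY,route 10.8.0.0 255.255.255.0,"
               "route 192.168.50.0 255.255.255.128,route-gateway 10.8.0.1,"
               "topology subnet,ifconfig 10.8.0.6 255.255.255.0,"
               "route vpn_gateway,redirect-gateway def1")


def pushed_network(parts):
    """Network covered by a 'route' or 'route-ipv6' option (raises on bad input)."""
    if parts[0] == "route":
        # An omitted netmask means a host route.
        mask = parts[2] if len(parts) > 2 else "255.255.255.255"
        return ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False)
    return ipaddress.ip_network(parts[1], strict=False)  # route-ipv6 net/bits


def audit_push(push_reply, protected=PROTECTED):
    """Return [(option, reason)] for pushed options that would alter local routing."""
    findings = []
    for option in push_reply.split(",")[1:]:  # skip the PUSH_REPLY tag
        parts = option.split()
        if not parts:
            continue
        if parts[0] == "redirect-gateway":
            findings.append((option, "replaces the default route"))
        elif parts[0] in ("route", "route-ipv6"):
            try:
                net = pushed_network(parts)
            except (ValueError, IndexError):
                # Keywords or hostnames cannot be verified offline: flag them.
                findings.append((option, "not a literal network"))
                continue
            for local in protected:
                if net.version == local.version and net.overlaps(local):
                    findings.append((option, f"overlaps protected {local}"))
                    break
    return findings


if __name__ == "__main__":
    for option, reason in audit_push(SAMPLE_PUSH):
        print(f"REJECT {option!r}: {reason}")
```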

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users