Gert Doering wrote...
> In many companies, using VPNs from desktop machines to connect to untrusted
> networks "outside" is strictly prohibited to avoid unfiltered access in
> reverse, and circumventing this is a firing reason. So better talk to 'em.

Agreed. We don't know the reason behind this blocking. It might be about encrypted traffic, or about all unknown traffic. Or just about UDP as some high-traffic, seldom for legal purposes used applications reportedly use that, and then OpenVPN traffic is just a victim of the circumstances. And never rule out stupid management decisions to achieve "security" (i.e. a warm feeling of it, nothing more). We don't know. But we should be aware the admins will read this.

> (Otherwise, run "ssh -L $localport:$vpnserver:$remoteport $sshserver",
> and point your openvpn to "remote 127.0.0.1 $localport" - TCP only.
> Alternatively, use "ssh -D $socksport $sshserver" and specify
> "socks-proxy 127.0.0.1 $socksport" in your openvpn config)

... and read about tcp-in-tcp encapsulation.

Also, rumour has it ssh has an IP tunneling feature as well. If ssh host and tunnel endpoint are the same machine, that would reduce the number of layers and eliminate the above problem.

Christoph