Travis Kemen wrote:
> Johannes Ballé wrote:
>> Hello,
>>
>> I just hacked the patches/Makefile for vpnc to support vpnc 0.5.1.
>> This release is far more usable than 0.4.0, because it fixes one
>> annoying keep-alive problem and many other bugs.
>>
>> (see http://www.unix-ag.uni-kl.de/~massar/vpnc/ for a list)
>>
>> So here's the patch against SVN r10611.
>>
>> Additionally, I would like to suggest to remove the
>> start_vpn_nat/stop_vpn_nat functions in the vpnc-script (I kept them
>> for now). Currently, they are hard-coded to allow any packets to be
>> forwarded between the VPN and any other network (also the WAN...)
>>
>> In the setup I'm using (at least) this default is insecure. I'm using
>> a VPN tunnel to establish a connection to the Internet and using the
>> router to share this connection locally. So, I have to comment out
>> these lines in /etc/vpnc/vpnc-script, which is not very user-friendly.
>> IMHO, it would be better if the scripts were non-permissive by default
>> (because the fact that you're using a VPN usually indicates that there
>> are some security aspects involved).
>>
>> In most situations, I would think that a static firewall setup in
>> /etc/firewall.user suffices. In my situation, it does. In cases where
>> a dynamic firewall setup is needed, the user would probably adjust
>> vpnc-script manually, anyway. So, as far as I can see, there's no
>> point in having a wide-open firewall hard-coded into the script.
>>
>> Best regards,
>>
>> Johannes
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
> Also your patch appears to be mangled (spaces instead of tabs)
>
> Thanks
> Travis

Sorry, last comment about incorrect spacing is meant for a different email; your patch looks ok.

Travis
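
The concern raised in the thread, that forwarding rules tied to the VPN interface accept traffic to and from any other network, can be checked mechanically. The following is an added example, not part of the thread and not taken from vpnc-script: the helper name `audit_vpn_forward`, the interface names `tun0` and `br-lan`, and both rule sets are constructed assumptions in `iptables-save` format.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules for open VPN forwarding.
# tun0, br-lan and both rule sets are constructed for illustration.

PERMISSIVE_RULES='-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o tun0 -j ACCEPT'

RESTRICTED_RULES='-A FORWARD -i br-lan -o tun0 -j ACCEPT
-A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT'

# audit_vpn_forward VPN_IF  (hypothetical helper; rules on stdin)
# Prints each FORWARD/ACCEPT rule that names VPN_IF on one side and leaves the
# other side unrestricted. Returns 1 if any such rule is found, else 0.
audit_vpn_forward() {
    awk -v vpn="$1" '
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-o") out_if = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (target != "ACCEPT") next
        # Reply-only rules (no NEW state) cannot open new connections.
        if (state != "" && state !~ /NEW/) next
        if ((in_if == vpn && out_if == "") || (out_if == vpn && in_if == "")) {
            print "OPEN: " $0
            bad++
        }
    }
    END { exit (bad > 0 ? 1 : 0) }'
}

printf '%s\n' "$PERMISSIVE_RULES" | audit_vpn_forward tun0 ||
    echo "permissive set: VPN forwarding is open to every interface"
printf '%s\n' "$RESTRICTED_RULES" | audit_vpn_forward tun0 &&
    echo "restricted set: VPN forwarding is pinned to the LAN"
```

On a router the same function can be fed the output of `iptables-save` after the tunnel comes up, with the real VPN interface name as its argument.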