Markus Gaugusch wrote:

> This is _not_ a good idea. All professional VPN software I know prohibits
> access to the internet while connected to the VPN. Even the Cisco VPN
> client for Linux does that! Most VPN clients also contain a small personal
> firewall that rejects all connections. If people need internet while using
> the VPN, tell them to use the proxy in your company.

Well, I don't think this might cause any problems.
First, the clients are behind a router and
second, Windows does no forwarding by default.
When talking about the classical roadwarrior scenario, where a single
remote client dials into the internet and then starts the VPN, I would
agree that this might include some potential danger.
We are talking about a rather complex scenario where different clients
at different locations behind (almost NAT-) routers with ADSL
connections need a permanent VPN link to a central system mainly for
voice over IP purposes. If the complete internet traffic of the remote
clients were routed through the ADSL connection, the bandwidth for
VoIP would not be satisfactory. Besides the additional traffic cost... I
myself would prefer to just replace the consumer style routers by
professional VPN routers, put a static route to the remote LAN and a
don't-forward-rule on and there we go. But the customer is not willing
to pay e.g. a bulk of PIX 501 for the employees' home offices... So I
have the fun of constructing a working, secure (kinda) and
Windows-enduser-compatible solution...


