
[opensuse-security] enforcing a route over VPN



Hello,

I have a VPN connection to my mail server, and would like to enforce 
that mails can be fetched only over the VPN connection.

As a first step, I've changed my mail client to use the server's VPN IP 
10.7.0.1.

For additional security, I'd like to enforce that connections to this IP 
_must_ be routed through the tun0 device, or if this device isn't 
available, be blocked. (See [1] for use case.)

Is there a way (ideally using SuSEfirewall or another way that is 
available "out of the box") to enforce that traffic to 10.7.0.1 must go 
to the tun0 device - or be blocked if there's no tun0 device?


Regards,

Christian Boltz

[1] In theory I could be in a conference network with broken internet
    access (so no VPN connection), but a machine there could have 
    10.7.0.1 - I'd like to avoid that this machine can "earn" my 
    password ;-)

-- 
> And don't be afraid of Henne, he's a nice guy :-)
Pffft Lies, all lies! I'm the meanest son of a gun you know. 
Admit it! 8-) 
[> Vincent Untz and Henne Vogelsang in opensuse-project]
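
One way to get the behaviour asked for above with plain iptables, as an added example that is not part of the original post: reject anything addressed to 10.7.0.1 that would leave through an interface other than tun0, and check which device the kernel would pick. It assumes iptables and iproute2 are installed; the function names are hypothetical and the two `ip route get` lines are constructed samples.

```shell
#!/bin/sh
# Added example; 10.7.0.1 and tun0 come from the post, the rest is assumed.
VPN_IP="10.7.0.1"
VPN_DEV="tun0"

# Print the iptables rule spec that rejects packets to $1 leaving through any
# interface other than $2. Without tun0 the kernel falls back to another route
# (for example the default route over Wi-Fi) and this rule blocks that path.
pin_rule() {
    printf 'OUTPUT -d %s ! -o %s -j REJECT --reject-with icmp-host-unreachable' "$1" "$2"
}

# Install the rule once (needs root); -C checks whether it is already present.
apply_pin() {
    spec=$(pin_rule "$VPN_IP" "$VPN_DEV")
    # Word splitting of $spec is intended here.
    iptables -C $spec 2>/dev/null || iptables -I $spec
}

# Return 0 if one line of `ip route get <addr>` output names device $2.
route_uses_dev() {
    line="$1"; dev="$2"
    set -- $line
    while [ $# -gt 1 ]; do
        if [ "$1" = "dev" ]; then
            [ "$2" = "$dev" ] && return 0
            return 1
        fi
        shift
    done
    return 1
}

# Constructed sample lines: VPN up, and VPN down on a foreign network.
SAMPLE_UP="10.7.0.1 dev tun0 src 10.7.0.6 uid 1000"
SAMPLE_DOWN="10.7.0.1 via 192.168.1.1 dev wlan0 src 192.168.1.23 uid 1000"

if [ "${1:-}" = "--apply" ]; then
    apply_pin
    if route_uses_dev "$(ip route get "$VPN_IP" | head -n 1)" "$VPN_DEV"; then
        echo "route to $VPN_IP uses $VPN_DEV"
    else
        echo "no $VPN_DEV route; traffic to $VPN_IP is rejected"
    fi
fi
```

The rule is not persistent; it has to be reinstalled after a reboot or a firewall reload.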
