On 04/11/2010 13:31, Rob Kampen wrote:
I've been watching this thread and offer the following
observation.
some years ago when working in the corporate world - most internet
connections were still via modem - I used to connect via VPN to
the
corporate network from remote offices. Even though I was connected
via
ethernet to the local office, the VPN connection once established,
became my only route. i.e. the local network appeared to be
disconnected and the laptop (or PC) could only see and connect to
the
corporate IP address ranges that had been established via the VPN
software - this also used one time password keys.
Thus security was complete other than the ability to get files
from the
corporate network onto the local PC - although difficult and
cumbersome.
Once the VPN was disconnected the local network was once again
working.
This was on Windoze clients to linux and other corporate servers.
Wondering if this kind of setup is possible with any of the
mentioned
VPN products?
Tks Rob
_
Rob,
This is called split-tunnel (or in the case that you talk about
non-split tunnel) policy.
Many IPsec clients can be configured by policy to avoid
split-tunnelling. The Windows PPTP client is configured like this by
defaults, but it is possible to unconfigure it as a user.
Proprietary (e.g. Cisco VPN) allow configuration of the client
split-tunnel (or not), by the VPN server. I don't know whether
OpenVPN has this functionality, it ultimately depends on the client
to do the split-tunneling, not the server (but the server could
verify the client, and enforce split-tunneling).
Thanks
Giles
|
<<attachment: smime.p7s>>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos