MAIN 1.370 - VPN report

With the patches Dan just made, MAIN 1.370 is working correctly with vpnc-0.3.3 along with the Tomislav-Debian patch to allow a local default route.

Clemson's network services promotes the use of the proprietary Cisco VPN client with a configuration that not only puts the default route through the tunnel but also cuts off all access to the local subnet for security reasons. The NM and vpnc default is to put the default route through the tunnel and allow access to the local subnet, slightly less secure. The Tomislav-Debian patch to NM accesses a list of target networks on the remote side of the tunnel, but provides access to the local subnet and uses a local default route. This is the most flexible approach but also the least secure.

The Tomislav-Debian patch allows the user to generate the list of target networks to be accessed through the tunnel. It would appear that vpnc-0.3.3 has provided for the possibility that the vpn concentrator could provide such a list. I am not sure how these two approaches would play together.

Bill Moss
Professor, Mathematical Sciences
Clemson University

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]