[CentOS] Pptp vpn server

Les Mikesell lesmikesell at gmail.com
Fri Nov 5 08:29:14 EDT 2010


On 11/5/10 4:27 AM, Ben McGinnes wrote:
> On 5/11/10 9:39 AM, Ross Walker wrote:
>>
>> As for the SSL part, you can monitor traffic over it in a couple of
>> ways. For internal services being served out you can have the SSL
>> connection terminate at the gateway and the gateway establish an
>> internal SSL connection to the service. For internal clients
>> connecting to external services I have used SSL inspectors, these
>> basically initiate an SSL connection to the destination, take the
>> certificate, generate a per-destination itself and pass that to the
>> client, basically acting as a man in the middle, as long as the
>> gateway/inspector is a trusted intermediate CA and the subject is
>> preserved then the client doesn't have a problem with it.
>
> I believe this is one of the methods that was looked at to enable ISPs
> to filter/censor/log SSL connections should the government policies
> become legislation here.  Except for all outbound connections.  The
> rest of us call it a MitM (when used for outbound or between third
> parties, not in your example).

So if you really want privacy you need to run another layer of encryption end to 
end with an uncommon cipher?

--
   Les Mikesell
    lesmikesell at gmail.com





More information about the CentOS mailing list