[CentOS] Pptp vpn server

Les Mikesell lesmikesell at gmail.com
Fri Nov 5 08:29:14 EDT 2010

On 11/5/10 4:27 AM, Ben McGinnes wrote:
> On 5/11/10 9:39 AM, Ross Walker wrote:
>> As for the SSL part, you can monitor traffic over it in a couple of
>> ways. For internal services being served out you can have the SSL
>> connection terminate at the gateway and the gateway establish an
>> internal SSL connection to the service. For internal clients
>> connecting to external services I have used SSL inspectors, these
>> basically initiate an SSL connection to the destination, take the
>> certificate, generate a per-destination itself and pass that to the
>> client, basically acting as a man in the middle, as long as the
>> gateway/inspector is a trusted intermediate CA and the subject is
>> preserved then the client doesn't have a problem with it.
> I believe this is one of the methods that was looked at to enable ISPs
> to filter/censor/log SSL connections should the government policies
> become legislation here.  Except for all outbound connections.  The
> rest of us call it a MitM (when used for outbound or between third
> parties, not in your example).

So if you really want privacy you need to run another layer of encryption end to 
end with an uncommon cipher?

   Les Mikesell
    lesmikesell at gmail.com
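
The inspection described in the quoted text, as an added example that is not part of the original thread: a gateway re-issues a certificate for the same subject under its own CA, a client that trusts that CA accepts the chain, and a public-key pin recorded from the real server does not match. All names (`www.example.test`, `origin-ca.example.test`, `inspector-ca.example.test`) and the helpers `issue`, `chainOK` and `demo` are constructed for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parent, or a self-signed CA when parent is nil.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: parent == nil,
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed CA: it signs itself and may sign others
		t.KeyUsage = x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// chainOK is the stock client check: the leaf chains to the trusted root and matches host.
func chainOK(leaf *x509.Certificate, host string, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// demo reports how the inspector's re-issued certificate fares against chain validation and a pin.
func demo(host string) (chainAccepted, pinMatches bool) {
	originCA, originKey := issue("origin-ca.example.test", nil, nil)
	inspCA, inspKey := issue("inspector-ca.example.test", nil, nil)
	site, _ := issue(host, originCA, originKey)
	forged, _ := issue(host, inspCA, inspKey) // same subject, inspector's key and issuer
	pin := sha256.Sum256(site.RawSubjectPublicKeyInfo) // recorded out of band from the real server
	return chainOK(forged, host, inspCA), sha256.Sum256(forged.RawSubjectPublicKeyInfo) == pin
}

func main() { fmt.Println(demo("www.example.test")) }
```

The pin comparison is independent of the client's trust store, which is why it still flags the substituted key when the inspector's CA is installed as trusted.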
