[CentOS] Pptp vpn server

Thu Nov 4 12:54:58 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 11/4/10 7:31 AM, Rob Kampen wrote:
> Ross Walker wrote:
>> On Nov 3, 2010, at 9:24 PM, Ben McGinnes<ben at adversary.org>  wrote:
>>
>>
>>> On 4/11/10 10:35 AM, Ross Walker wrote:
>>>
>>>> On Nov 3, 2010, at 7:01 PM, John R Pierce<pierce at hogranch.com>  wrote:
>>>>
>>>>
>>>>> On 11/03/10 3:46 PM, Ross Walker wrote:
>>>>>
>>>>>> I just think VPNs' time has come and gone.
>>>>>>
>>>>> VPNs have another use entirely, which is linking LAN segments over the
>>>>> internet to create a private WAN.
>>>>>
>>>> Yes, of course, those will remain and I use those across routers and
>>>> concentrators, but the personal VPNs aren't necessary.
>>>>
>>> I'm just guessing here, but you live in a country that doesn't (or
>>> isn't trying to introduce) mandatory censorship and/or data retention.
>>> Right?
>>>
>>> Those of us in the antipodes have a whole different reason for wanting
>>> VPN connections to such insecure points as "shared hosting" or VPS
>>> systems.
>>>
>>
>> I don't have to encrypt from my government, but I am required to encrypt all communication channels by my government, so this is all done over SSL/TLS or using a protocol's native encryption.
>>
>> When I say VPN I'm specifically talking about protocols that extend the internal routable network to the client PC.
>>
>> If the client PC was set up in a split pipe setup it would be like running your corporate LAN with either no firewall or a consumer level firewall product with questionable administration.
>>
>> You can filter within the VPN which protocols are passed but then at this point wouldn't it be better to do this at the firewall anyways?
>>
>> -Ross
>>
>>
> I've been watching this thread and offer the following observation.
> Some years ago when working in the corporate world - most internet connections
> were still via modem - I used to connect via VPN to the corporate network from
> remote offices. Even though I was connected via ethernet to the local office,
> the VPN connection once established, became my only route. i.e. the local
> network appeared to be disconnected and the laptop (or PC) could only see and
> connect to the corporate IP address ranges that had been established via the VPN
> software - this also used one time password keys.
> Thus security was complete other than the ability to get files from the
> corporate network onto the local PC - although difficult and cumbersome.
> Once the VPN was disconnected the local network was once again working.
> This was on Windoze clients to Linux and other corporate servers.
> Wondering if this kind of setup is possible with any of the mentioned VPN products?

OpenVPN can redirect your default gateway to send everything (except itself) 
through the remote, but it doesn't really enforce keeping it that way.  That is, 
a knowledgeable user could add local routes back after starting it.

-- 
   Les Mikesell
    lesmikesell at gmail.com
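
The following is an added example, not part of the original post: one way an administrator could audit a client for the gap described above, by listing routes that take precedence over the tunnel's routes and leave by another interface. It assumes a Linux client, `ip -4 route show` output, a tunnel device named `tun0`, and OpenVPN's `redirect-gateway def1` behaviour (two /1 routes via the tunnel); all addresses and the sample table are constructed.

```python
import ipaddress

# Constructed sample of `ip -4 route show` on a client after the tunnel came up
# with redirect-gateway def1 and a route was then added back by hand.
SAMPLE = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
172.16.0.0/12 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Yield (network, device) for each line of `ip -4 route show` output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        yield ipaddress.ip_network(dest, strict=False), fields[fields.index("dev") + 1]

def bypass_routes(text, tun_dev, vpn_server):
    """Return routes that beat the tunnel's routes and leave by another device."""
    routes = list(parse_routes(text))
    tun_nets = [net for net, dev in routes if dev == tun_dev]
    server = ipaddress.ip_address(vpn_server)
    found = []
    for net, dev in routes:
        if dev == tun_dev:
            continue
        if net.prefixlen == 32 and net.network_address == server:
            continue  # the "except itself" host route to the VPN server
        # Longest-prefix match: a route wins over the tunnel when it is more
        # specific than a tunnel route that covers it.
        if any(net.subnet_of(t) and net.prefixlen > t.prefixlen for t in tun_nets):
            found.append((str(net), dev))
    return found
```

On the sample table this reports both the hand-added `172.16.0.0/12` route and the connected LAN route `192.168.1.0/24`, since each is more specific than the tunnel's /1 routes.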