[CentOS] Pptp vpn server

Thu Nov 4 12:53:53 UTC 2010
Giles Coochey <giles at coochey.net>

On 04/11/2010 13:31, Rob Kampen wrote:
> I've been watching this thread and offer the following observation.
> some years ago when working in the corporate world - most internet 
> connections were still via modem - I used to connect via VPN to the 
> corporate network from remote offices. Even though I was connected via 
> ethernet to the local office, the VPN connection once established, 
> became my only route. i.e. the local network appeared to be 
> disconnected and the laptop (or PC) could only see and connect to the 
> corporate IP address ranges that had been established via the VPN 
> software - this also used one time password keys.
> Thus security was complete other than the ability to get files from 
> the corporate network onto the local PC - although difficult and 
> cumbersome.
> Once the VPN was disconnected the local network was once again working.
> This was on Windoze clients to linux and other corporate servers.
> Wondering if this kind of setup is possible with any of the mentioned 
> VPN products?
> Tks Rob
>> _

This is called split-tunnel (or in the case that you talk about 
non-split tunnel) policy.
Many IPsec clients can be configured by policy to avoid 
split-tunnelling. The Windows PPTP client is configured like this by 
defaults, but it is possible to unconfigure it as a user.
Proprietary (e.g. Cisco VPN) allow configuration of the client 
split-tunnel (or not), by the VPN server. I don't know whether OpenVPN 
has this functionality, it ultimately depends on the client to do the 
split-tunneling, not the server (but the server could verify the client, 
and enforce split-tunneling).


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20101104/f2765ce0/attachment-0005.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5137 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20101104/f2765ce0/attachment-0005.p7s>