Tanya Mamedalin <tmamedalin@xxxxxxxxxxxxxxx> said:

> Hi -
>
> I am curious to know how others have dealt with unsecured vpn clients attaching to their networks. My main concern is that a remote client won't have the proper ip filters on and may start transiting traffic to my network. Which is why I would prefer that all traffic be directed through the vpn network when the client attaches. However, the obvious problem is that if the remote client default-routes everything through the vpn the original connection to the public ip of the vpn server will break.
> Furthermore on various Windows flavors I've noticed that I can add 2 different 0.0.0.0/0 routes and some traffic will go one way and other traffic the other.

Tanya,

Take a look at --redirect-gateway for tunneling all traffic through the VPN.

One suggestion I've seen on making sure clients are secured before they connect to the VPN is to have the --tls-verify script on the server nmap the client before approving the connection.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
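
How --redirect-gateway avoids breaking the connection to the VPN server's public IP, modelled as an added example that is not part of the original message: OpenVPN adds a host route to the server via the pre-existing gateway, deletes the old default route, then installs the tunnel endpoint as the new default. The addresses and the helper names `lookup` and `redirect_gateway` are constructed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def redirect_gateway(routes, vpn_server, tunnel_gw):
    """Model the three documented steps of --redirect-gateway on a route table."""
    default = ipaddress.ip_network("0.0.0.0/0")
    orig_gw = next(gw for net, gw in routes if net == default)
    # 1. Pin the VPN server's public address to the pre-existing gateway,
    #    so the encrypted transport itself never enters the tunnel.
    new = [(ipaddress.ip_network(f"{vpn_server}/32"), orig_gw)]
    # 2. Delete the old default route; keep every other existing route.
    new += [(net, gw) for net, gw in routes if net != default]
    # 3. Install the VPN endpoint as the new default gateway.
    new.append((default, tunnel_gw))
    return new

# Constructed sample values (documentation and private address ranges).
LAN_GW = "192.168.1.1"
TUN_GW = "10.8.0.1"
VPN_SERVER = "203.0.113.10"

before = [
    (ipaddress.ip_network("0.0.0.0/0"), LAN_GW),
    (ipaddress.ip_network("192.168.1.0/24"), "on-link"),
]
after = redirect_gateway(before, VPN_SERVER, TUN_GW)

if __name__ == "__main__":
    for dst in (VPN_SERVER, "198.51.100.7", "192.168.1.50"):
        print(f"{dst:15} before={lookup(before, dst):12} after={lookup(after, dst)}")
```

The connected LAN route survives the change, so hosts on the client's local subnet are still reached directly rather than through the tunnel.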