|
|
On 2/6/06, Steve Willis <openvpn@xxxxxxxxxxxxxxx> wrote: > (2) Many of my users share a common physical location that already has a > real LAN setup. I want to make several Samba servers available to the > VPN that are currently available on these LANs. [..] > Is there a way to ensure that when a Samba share name is available > via the VPN and LAN, the LAN is chosen as a route? Well, assuming you've got a "proper" IP config, with no NAT or other bridging or other funky things going on, this should be automatic. Assuming the Samba server has a single interface on that LAN's subnet, it will have a single IP address from that subnet. Nodes already on that LAN and subnet will go local, like any other IP traffic would. Non-local nodes will use IP routing, regardless of VPN or not. Assuming your routing topology is sane, everything should fall into place more-or-less automatically. If your config doesn't fit the above assumptions, explain how and why. :-) > (3) Is there a way to ensure that Windows XP users can't accidentally > bridge the TUN device to an insecure LAN? Don't grant the Windows users admin rights to their computers, and this happens automatically. If the users have admin rights on their computers, you've pretty much lost the game at that point. Once they have admin rights, they can do all sorts of things that will invalidate the security of your VPN. If you want to ignore all of those and just worry about bridging, you can delete the bridge connectoid to prevent it from being accidentally used. -- Ben ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |