Re: newbie needs routing explaination: msg#00500 network.openvpn.user
On Sun, Jun 27, 2004 at 02:45:54PM -0700, Anthony Ewell wrote:
> This presents a big security problem for me. It seems that
> all someone at my customer's client location would have to
> do to have access to everything on my customer's home site
> would be to point his default route or add a route to my
> customer's laptop when my customer was visiting.

For this to happen the Windows box (I'm assuming it's a Windows box) would have to act as a gateway. It's very unlikely that he's configured his laptop that way, so you should be fine. That is to say, it won't be willing to forward packets from the local LAN into the tunnel or anywhere else for that matter.

> Is there a way to restrict what traffic gets routed through
> the tunnel? I want:
>
> 1) only the laptop to be able to send data
> through the tunnel to my customer's network

No worries, unless he is somehow explicitly allowing it.

> 2) to route LPR print jobs from my customer's
> home office to the client's network LPD printer

This will work fine if you get all the network neighborhood working. The easiest way I think is to use tap devices instead of tun devices ("bridging" instead of "routing" openvpn configuration), but there's more on these on the home page and in the documentation.

Patrick Lesslie
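
The forwarding argument in the reply above, as an added toy model (not part of the original post and not OpenVPN code): a host always routes packets it originates itself, but relays packets received from the LAN only when it is acting as a gateway. All addresses, interface names and function names are constructed for illustration, and the model ignores NAT/connection sharing and host firewalls.

```python
import ipaddress

def route_lookup(host, dst):
    """Longest-prefix match over the host's routing table; None if no route."""
    matches = [(net, iface) for net, iface in host["routes"] if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def send_local(host, dst):
    """Packet originated by the host itself: routed regardless of ip_forward."""
    iface = route_lookup(host, ipaddress.ip_address(dst))
    return f"send:{iface}" if iface else "unreachable"

def handle_received(host, dst):
    """Packet that arrived from the LAN, e.g. from a neighbour who added a
    route pointing at this host."""
    dst = ipaddress.ip_address(dst)
    if dst in host["addresses"]:
        return "deliver-local"
    if not host["ip_forward"]:
        return "drop"  # not acting as a gateway: transit traffic is discarded
    iface = route_lookup(host, dst)
    return f"forward:{iface}" if iface else "drop"

def make_laptop(ip_forward):
    """Constructed example: laptop on the client LAN with a VPN tunnel up."""
    return {
        "ip_forward": ip_forward,
        "addresses": {ipaddress.ip_address("192.168.1.50"),   # client LAN
                      ipaddress.ip_address("10.8.0.2")},      # tunnel endpoint
        "routes": [
            (ipaddress.ip_network("192.168.1.0/24"), "lan0"),
            (ipaddress.ip_network("10.1.0.0/24"), "tun0"),    # home site via VPN
        ],
    }

if __name__ == "__main__":
    home_server = "10.1.0.10"  # constructed address on the home site
    for fwd in (False, True):
        laptop = make_laptop(fwd)
        print(f"ip_forward={fwd}: own traffic -> {send_local(laptop, home_server)}, "
              f"neighbour's traffic -> {handle_received(laptop, home_server)}")
```

With forwarding off, the laptop's own traffic still enters the tunnel while a neighbour's packets for the home site are dropped; only the forwarding-enabled case relays them.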