RE: Layer4 Re: VPN Solution (WAS: ORBS (Re: Scanning))
From: Roeland Meyer <rmeyer () mhsc com>
Date: Mon, 28 May 2001 09:54:29 -0700
From: Jon Mansey [mailto:jon () interpacket net]
Sent: Monday, May 28, 2001 7:37 AM
Does anyone know of a way to put layer 4 switching in front of a VPN
client such that (for example) email and nntp don't get tunnelled
while everything else does, or vice-versa?
Depending on requirements, isn't the whole idea to put the email into the
tunnel? That's why this thread came up in the first place. BTW, SSH
tunneling can drop every packet through the tunnel with a forward-all
config. It isn't even very hard and can be done with a Win client, using
F-Secure. In fact, sometimes that works, when PPTP doesn't, in
Windows-hostile environments (*nix bigots sometimes do everything they can
to screw up Win machines). However, none of it works when port 22 is blocked
by the firewall.
We're probably talking Windows software here I know......
> The VPN solutions I have used (e.g. Bay Networks, MS PPTP) send *every*
> packet from the end user machine to the VPN end-point, not just selected
> packets (like with SSH tunneling).
If you want a commercial solution that does selective tunnelling - the
FW-1 addin (VPN-1) exports a "topography" file to the client at setup; this
really consists of a list of subnets that the VPN will handle, and is set at
the server side. Anything not on the topography list goes out via the dialup
adaptor or network card as normal.
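
Added example, not part of the original messages and not any VPN product's code: a sketch of the per-flow decision the thread is discussing, combining a server-set subnet list (the role the "topography" file plays above) with the per-port rule asked about in the question. The class, field names, port numbers and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SplitTunnelPolicy:
    # Subnets the VPN handles; "0.0.0.0/0" models a client that tunnels everything.
    tunnel_subnets: list
    # Destination TCP ports given special treatment (the layer 4 part).
    ports: set = field(default_factory=set)
    # False: listed ports bypass the tunnel. True: only listed ports are tunnelled.
    ports_only: bool = False

    def __post_init__(self):
        self.nets = [ipaddress.ip_network(s) for s in self.tunnel_subnets]

    def route(self, dst_ip, dst_port):
        """Return 'tunnel' or 'direct' for one outbound TCP flow."""
        addr = ipaddress.ip_address(dst_ip)  # raises ValueError on a malformed address
        # Layer 3 test: a destination not on the subnet list leaves via the normal adapter.
        if not any(addr in net for net in self.nets):
            return "direct"
        # Layer 4 test: applies only to destinations the VPN would otherwise carry.
        listed = dst_port in self.ports
        if self.ports_only:
            return "tunnel" if listed else "direct"
        return "direct" if listed else "tunnel"


def classify(policy, flows):
    """Map each (dst_ip, dst_port) flow to the path the policy selects."""
    return {flow: policy.route(*flow) for flow in flows}


# Constructed sample flows: SMTP, NNTP and HTTP to hosts in documentation ranges.
FLOWS = [("192.0.2.10", 25), ("192.0.2.10", 80), ("203.0.113.5", 119), ("203.0.113.5", 80)]

# Tunnel everything except mail and news (the case in the question).
EXEMPT_MAIL_NEWS = SplitTunnelPolicy(["0.0.0.0/0"], ports={25, 110, 119})
# The "vice-versa" case: only mail and news are tunnelled.
ONLY_MAIL_NEWS = SplitTunnelPolicy(["0.0.0.0/0"], ports={25, 110, 119}, ports_only=True)
# Subnet list only, no port rule: every port to a listed subnet is tunnelled.
SUBNET_LIST_ONLY = SplitTunnelPolicy(["192.0.2.0/24"])

if __name__ == "__main__":
    for name, pol in [("exempt", EXEMPT_MAIL_NEWS), ("only", ONLY_MAIL_NEWS), ("subnets", SUBNET_LIST_ONLY)]:
        print(name, classify(pol, FLOWS))
```

The subnet-only policy cannot separate mail from web traffic to the same host, which is the gap the layer 4 question is about.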