Home page logo

nanog logo nanog mailing list archives

RE: Layer4 Re: VPN Solution (WAS: ORBS (Re: Scanning))
From: Roeland Meyer <rmeyer () mhsc com>
Date: Mon, 28 May 2001 09:54:29 -0700

From: Jon Mansey [mailto:jon () interpacket net]
Sent: Monday, May 28, 2001 7:37 AM

Does anyone know of a way to put layer 4 switching in front of a VPN 
client such that (for example) email and nntp dont get tunnelled 
while everything else does, or vice-versa?

Depending on requirements, isn't the whole idea to put the email into the
tunnel? That's why this thread came up in the first place. BTW, SSH
tunneling can drop every packet through the tunnel with a forward-all
config. it isn't even very hard and can be done with a Win client, using
F-Secure. In fact, sometimes that works, when PPTP doesn't, in
Windows-hostile environments (*nix bigots sometimes do everything they can
to screw up Win machines). However, none of it works when port 22 is blocked
by the firewall.

We're probably talking Windows software here I know......

 > The VPN solutions I have used (e.g. Bay Networks, MS 
PPTP) send *every*
 packet from the end user machine to the VPN end-point, 
not just selected
 packets (like with SSH tunneling).
  If you want a commercial solution that does selective 
tunnelling - the
FW-1 addin (VPN-1) exports a "topography" file to the client 
at setup; this
really consists of a list of subnets that the VPN will 
handle, and is set at
the server side. anything not on the topography list goes 
out via the dialup
adaptor or network card as normal.

  By Date           By Thread  

Current thread:
  • RE: Layer4 Re: VPN Solution (WAS: ORBS (Re: Scanning)) Roeland Meyer (May 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]