FreeBSD Mail Archives

Date:      Tue, 19 Mar 2013 07:56:50 +0100
From:      Yoann Gini <yoann.gini@gmail.com>
To:        Eugene M. Zheganin <emz@norma.perm.ru>
Cc:        freebsd-net@freebsd.org
Subject:   Re: mpd5 and multiple route to send to clients
Message-ID:  <1306548A-C393-44DF-9B8D-9A34D806622E@gmail.com>
In-Reply-To: <5147EE5D.5070203@norma.perm.ru>
References:  <9EC8E2D3-A52B-4FF1-B840-3D962DF8D917@gmail.com> <5147EE5D.5070203@norma.perm.ru>


[-- Attachment #1 --]

Le 19 mars 2013 � 05:49, Eugene M. Zheganin <emz@norma.perm.ru> a �crit :

> You cannot do this with a pptp or l2tp, they just don't have that ability.

> Standard approach is either using remote pptp/l2tp peer as default gateway, or creating a sticky route on the client side.

Even if it�s not built-in the L2TP / PPTP standard, the rest of the world do it, and need it by the way. Using the VPN gateway as a default one is not acceptable when it�s made to secure access to specific resources only (i.e: Split Tunneling), as a provider, I don�t want to handle all network traffic from road-warriors, I don�t care about their FaceBook traffic, I just want they corporate one.

With VPN, also regularly come VPN on Demand, a settings on the client side allowing the system to automatically start VPN connection when the user request for a specific domain (like private.example.com). And if the authentication is fully based on certificate, the user don�t see any authentication request.

This kind of highly demanded feature today can�t be address if at the beginning we don�t have split tunneling�

Well, that�s a big big problem for me and force me to review all my plan about this network and also with my OS X Server replacement project made from a standard FreeBSD�

> You could do this using openvpn, but openvpn is a horrible mess of weirdness and incompatibility.

I agree with that, OpenVPN is such a mess� And can�t be deployed on all devices, for example, they have some problems to distribute their app in France on iOS devices. That the only one with that problem�

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
���0��0�r�'���z��n��n�0
	*�H��
0o10	USE10U
AddTrust AB1&0$UAddTrust External TTP Network1"0 UAddTrust External CA Root0
050607080910Z
200530104838Z0��10	UUS10	UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Client Authentication and Email0�"0
	*�H��
�0�
��9���}�A;bF7���`u�9e�JG���H�j��M5��B��I�/|�1�N��d�.)բdą��Q5y�Nh�{z������ɤ2��O0�����n�F�x��o�Y^�/���m�/묡�j��.g5�y�i���F͠���v:z����'[=s"�Ha�L�i��.��1 ,������׉C�Z�q�Yں�
�������g���T:�
��w�e���tb��h���~�Ge��MW(t�4�0���b0�,����0��0U#0����z4�&���&T���$�T0U��g}ĝ&pK�PH|�=�n}0U�0U�0�0{Ut0r08�6�4�2http://crl.comodoca.com/AddTrustExternalCARoot.crl06�4�2�0http://crl.comodo.net/AddTrustExternalCARoot.crl0
	*�H��
�؉o(��������~�������TBk�	Ġmא�fyCq��o��vE�7=��Yx��F�z�[�r-�F��)��Iy�<�m��mhO�r6�������j�5P�ρmU��Y0J�m��dI|�6���i��9�Z�K�:����
D����/p�%�ZT��ļm��s2,雄$-��zhP?M����g��.;�N����
�&De��MR���>�k2\Al��]�������Xm=�G��.��̎��0�0��m�Oj3"�"2z�q�0
	*�H��
0��10	UUS10	UUT10USalt Lake City10U
The USERTRUST Network1!0Uhttp://www.usertrust.com1604U-UTN-USERFirst-Client Authentication and Email0
110428000000Z
200530104838Z0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1907U0COMODO Client Authentication and Secure Email CA0�"0
	*�H��
�0�
����[KW��^/���@ȣSX_fe�2N��2}U�xLU�B���'q��i��2��@��'Vb�qi�� ��c^`ʢA�j����HmeC�*.+c8w߱��ڂ��2j�go �\5��T���q
7
PSl�����Y1�	��L�R���@[Hh��J���$:�q_㬿;�%qh=��XF�<h���mz!W�4��2~�J�Rrd&�N����`�ohQ�c����B��}"cө��Ξ��D�\[5������K0�G0U#0���g}ĝ&pK�PH|�=�n}0UzNt[�xcd'�/�[�y�{0U�0U�0�0U 
00U 0XUQ0O0M�K�I�Ghttp://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl0t+h0f0=+0�1http://crt.usertrust.com/UTNAddTrustClient_CA.crt0%+0�http://ocsp.usertrust.com0
	*�H��
��־xWUm3DR�B�����
��J���AI�Z�ҭsn>�&|�L��0(���B<�%>
u��=9�fѡ��M�o�(l���tZ�ڱ��uz/���y���Vt�����Cr��`9 G���:eH<�=�%���`�I���?C����
���3_�н`j�;����:<���I3�B)9��3i.��EM�iڀ=�]|G���m���]W�0�KID��~��y8�3��:]&X�aU�!ՙ��C@B0���Ұ��u�n�0�*0�����2����'IP��0
	*�H��
0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1907U0COMODO Client Authentication and Secure Email CA0
130303000000Z
140303235959Z0%1#0!	*�H��
	yoann.gini@gmail.com0�"0
	*�H��
�0�
��\�紪o�1���n�������;���ici�`A������O� 3��B3:��Jo���������l	�������/SE���Q3�b���
�8�ĳ�ܹ�ot�oEi���Y�Ҵ6����r���uO��w�n
� ���D��rk|4)}�PbæM5Ͻ�e!�����c� .��U��y��������3��t"��]4>+�xx��O?V�n�5����7;�C�B�%|'��1e
�
��+*_������0��0U#0�zNt[�xcd'�/�[�y�{0U}����qD�U�2X�2���M��0U��0U�00 U%0++�10	`�H��B 0FU ?0=0;+�10+0)+https://secure.comodo.net/CPS0WUP0N0L�J�H�Fhttp://crl.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crl0��+|0z0R+0�Fhttp://crt.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crt0$+0�http://ocsp.comodoca.com0U0�yoann.gini@gmail.com0
	*�H��
�-�!��8AM��	�!(["����.��l����A�96P�i�Jv�S�vubL)Y��ǂ�x���\�T
�&�K#��SL���ќGۀ'w��Ժ�l�8�Άҕ�	Z�on/\��"��>DA��t����K>ubKT�P�s�V٨5���yĬk�N�G����Vҙ�����|�Ġ���d��M��_1�v����f�����.՛hG�v�M^K����
��=��h�,K�"M-0����t^1�,T�o��>1��0��0��0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1907U0COMODO Client Authentication and Secure Email CA���2����'IP��0	+���0	*�H��
	1	*�H��
0	*�H��
	1
130319065650Z0#	*�H��
	1Er=�������]������j0��	+�71��0��0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1907U0COMODO Client Authentication and Secure Email CA���2����'IP��0��*�H��
	1�����0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1907U0COMODO Client Authentication and Secure Email CA���2����'IP��0
	*�H��
�*��5L�+��<�Y��X.�*ws�����ON����"�Zu9#d4s�7�O�$����K�|9��ˇ&{d\�.�L���^K̔��gc�P�7oo�qt�ò
�7����C�L�5u?4��=ߤ�����=Z�"g]� ���>L���'�O������G����ox�V�J��d�5�{�%Xh|���&,zb�.8�Dv� �Hm�Q��i�^�����蜹���<�:�zUީ�-쳟9%�l8�	��

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1306548A-C393-44DF-9B8D-9A34D806622E>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation