Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Mar 2013 07:56:50 +0100
From:      Yoann Gini <yoann.gini@gmail.com>
To:        Eugene M. Zheganin <emz@norma.perm.ru>
Cc:        freebsd-net@freebsd.org
Subject:   Re: mpd5 and multiple route to send to clients
Message-ID:  <1306548A-C393-44DF-9B8D-9A34D806622E@gmail.com>
In-Reply-To: <5147EE5D.5070203@norma.perm.ru>
References:  <9EC8E2D3-A52B-4FF1-B840-3D962DF8D917@gmail.com> <5147EE5D.5070203@norma.perm.ru>

next in thread | previous in thread | raw e-mail | index | archive | help

--Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


Le 19 mars 2013 =E0 05:49, Eugene M. Zheganin <emz@norma.perm.ru> a =
=E9crit :

> You cannot do this with a pptp or l2tp, they just don't have that =
ability.

> Standard approach is either using remote pptp/l2tp peer as default =
gateway, or creating a sticky route on the client side.

Even if it=92s not built-in the L2TP / PPTP standard, the rest of the =
world do it, and need it by the way. Using the VPN gateway as a default =
one is not acceptable when it=92s made to secure access to specific =
resources only (i.e: Split Tunneling), as a provider, I don=92t want to =
handle all network traffic from road-warriors, I don=92t care about =
their FaceBook traffic, I just want they corporate one.

With VPN, also regularly come VPN on Demand, a settings on the client =
side allowing the system to automatically start VPN connection when the =
user request for a specific domain (like private.example.com). And if =
the authentication is fully based on certificate, the user don=92t see =
any authentication request.

This kind of highly demanded feature today can=92t be address if at the =
beginning we don=92t have split tunneling=85

Well, that=92s a big big problem for me and force me to review all my =
plan about this network and also with my OS X Server replacement project =
made from a standard FreeBSD=85

> You could do this using openvpn, but openvpn is a horrible mess of =
weirdness and incompatibility.

I agree with that, OpenVPN is such a mess=85 And can=92t be deployed on =
all devices, for example, they have some problems to distribute their =
app in France on iOS devices. That the only one with that problem=85

--Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIO2jCCBIow
ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0
d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA5MTBa
Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNh
bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0
dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0
aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmF
pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJk
xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2q
L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7bUMSAs
vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMe
oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo0tCb3
+sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2Nh
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u
bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2IkRbyis
pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR4rBz0
g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbHdWTBK
322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMizpm4Qk
LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vVdoOr/
0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIFGjCCBAKgAwIBAgIQbRnqpxlPajMi5iIyeqpx3jANBgkq
hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExh
a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRp
Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMTA0MjgwMDAwMDBaFw0yMDA1MzAxMDQ4MzhaMIGTMQswCQYD
VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRow
GAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE5MDcGA1UEAxMwQ09NT0RPIENsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAkoSEW0tXmNReL4uk4UDIo1NYX2Zl8TJO958yfVXQeExVt0KU4PkncQfFxmmkuTLE8UAakMwn
VmJ/F7Vxaa7lIBvky2NeYMqiQfZq4aP/uN8fSG1lQ4wqLitjOHffsReswtqCAtbUMmrUZ28gE49c
NfrlVICv2HEKHTcKAlBTbJUdqRAUtJmVWRIx/wmi0kzcUtve4kABW0ho3cVKtODtJB86r3FfB+Os
vxQ7sCVxaD30D9YXWEYVgTxoi4uDD216IVfmNLDbMn7jSuGlUnJkJpFOpZIP/+CxYP0ab2hRmWON
GoulzEKbm30iY9OpoPzOnpDfRBn0XFs1uhbzp5v/wQIDAQABo4IBSzCCAUcwHwYDVR0jBBgwFoAU
iYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYDVR0OBBYEFHoTTgB0W8Z4Y2QnwS/ioFu8ecV7MA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGA1UdIAQKMAgwBgYEVR0gADBYBgNVHR8E
UTBPME2gS6BJhkdodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRB
dXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDB0BggrBgEFBQcBAQRoMGYwPQYIKwYBBQUHMAKGMWh0
dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VVE5BZGRUcnVzdENsaWVudF9DQS5jcnQwJQYIKwYBBQUH
MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAIXWvnhXVW0z
f0RS/kLVBqgBA4CK+w2y/Uq/9q9BSfUbWsXSrRtzbj7pJnzmTJjBMCjfy/tCPKElPgp11tA9OYZm
0aGbtU2bb68obB2v5ep0WqjascDxdXovnrqTecr+4pEeVnSy+I3T4ENyG+2P/WA5IEf7i686ZUg8
mD2lJb+972DgSeUWyOs/Q4Pw4O4NwdPNM1+b0L1garM7/vrUyTo8H+2b/5tJM75CKTmD7jNpLoKd
RU2oadqAGx490hpdfEeZpZsIbRKZhtZdVwcbpzC+S0lEuJB+ytF5OOu0M/qgOl0mWJ5hVRi0IdWZ
1eBDQEIwvuql55TSsP7zdfl/bucwggUqMIIEEqADAgECAhEA8BSF4QUynr/oAOUnSVCBvTANBgkq
hkiG9w0BAQUFADCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENP
TU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xMzAzMDMw
MDAwMDBaFw0xNDAzMDMyMzU5NTlaMCUxIzAhBgkqhkiG9w0BCQEWFHlvYW5uLmdpbmlAZ21haWwu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11zV57Sqb+CpMeUSmttu8MsHvdUR
vZS9O5jKxWljaeZgQbr4A/yShO5PB7MgM4KMQjMIOoacShFvyf6ZivL8r8fFbAmc6NsHr4CN4S9T
E0WAi/MWUTPLYrD8zx0NsjimxLP/3Ln1b3TDb0Vp/bqOWePStBU2truYBodyGZCQiHVPBZC6d5tu
CswgnIbloUTf4RxyGGt8NCl94lBiw6ZNNc+94BRlIY8a6uyV5/9jqiAu/LZVpLV5n9YZ5BCfoRsM
GAi94eUzFv/AdCLp+l0OGjQ+K8APeHihjU8/VtNujjW1tA7r5bs3O8wTQ6lCoCV8J+XZMWUK4grO
xisqX5umywIDAQABo4IB5DCCAeAwHwYDVR0jBBgwFoAUehNOAHRbxnhjZCfBL+KgW7x5xXswHQYD
VR0OBBYEFH28/IbXcUSiVbEyWOgyob3zTeHTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
MCAGA1UdJQQZMBcGCCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYD
VR0gBD8wPTA7BgwrBgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29t
b2RvLm5ldC9DUFMwVwYDVR0fBFAwTjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N
T0RPQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBiAYIKwYBBQUHAQEE
fDB6MFIGCCsGAQUFBzAChkZodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9DbGllbnRBdXRo
ZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5j
b21vZG9jYS5jb20wHwYDVR0RBBgwFoEUeW9hbm4uZ2luaUBnbWFpbC5jb20wDQYJKoZIhvcNAQEF
BQADggEBAC2aIbicOEFNkJwJlCEoBFsi/7im9S6E0GwQ2/+bn0GhOTZQ+mkB9Up2A99TsAV2dWJ/
TClZ5a/tx4K6eP+r7q1ci1QcDdomD8NLI+zpU0zx+I/RnEca24AYJ3fC5dS6nR5sjTj2zoYa0pXs
CVrMb24vXBr14iLwG7U+REEX6+p0tbwAjrJLPnViS1TvUPBz5J9W2ag10cCaecSsa6VOGR3xR5ah
r9pWGtKZ+xKxnuPsmny5xKCeB+73ZI6DTanIXzHiduGm3A/y7maIjJq4gy7Vm2hH3HaBTV4ZS/DZ
2/sKr5k9/asWaJosS5ciE00tMLCrvogWdF4xhSxUrm/C7j4xggOuMIIDqgIBATCBqTCBkzELMAkG
A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa
MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAPAUheEFMp6/6ADlJ0lQgb0wCQYFKw4DAhoF
AKCCAdkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwMzE5MDY1
NjUwWjAjBgkqhkiG9w0BCQQxFgQURXI9GaPj2eTy4/Zd0P2dpfoazGowgboGCSsGAQQBgjcQBDGB
rDCBqTCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBD
bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAPAUheEFMp6/6ADlJ0lQ
gb0wgbwGCyqGSIb3DQEJEAILMYGsoIGpMIGTMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRl
ciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRl
ZDE5MDcGA1UEAxMwQ09NT0RPIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWls
IENBAhEA8BSF4QUynr/oAOUnSVCBvTANBgkqhkiG9w0BAQEFAASCAQAq7+o1EUy+K//oPKNZxusM
WAMu8yp3c53I7AHJ7wZPTuzzxQCwIvZadTkjZDRzgjePT6QkuqHY5rVLGNZ8OfWYy4cme2RcjC4L
2Ez/guCxXkvMlInEZ2OOUBXwN29v+XF068OyDee0N4anxedD3UwWkTV1Pw800dQ936TTHe/u/+oS
PVrrImddxyC3itk+TIeG8yf2TxuT5prXzOIAkEflwPmVb3gMB+4SElblSqqvZA/qNY17mCVYaAJ8
lgGHHPwmLBR6YtIfLji5RAJ2wyCGSBlt0BNRvNxpn17KDLmNphzxtuicuYOG2TyaOqp6Vd6pqy3s
s585Jd5sOJ8GCbTeAAAAAAAA

--Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1306548A-C393-44DF-9B8D-9A34D806622E>