On Thu, Mar 1, 2012 at 12:45 AM, Jason Haar <jason_h...@trimble.com> wrote:
> A comment on your [1] reference. The issue of remote-user vs enterprise
> is an old one - that affects many software applications - not just
> openvpn. I personally think the proper solution is to implement NAC:
> make "the network/enterprise" audit the remote host and only allow it if
> it meets expectations. As such I don't think openvpn has to solve this
> problem itself, as "the enterprise" cares a lot more about the remote
> machine than whether or not the remote user has injected a couple of
> routes into the local routing table. eg Windows AV status.
>
> I think openvpn is quite entitled to act as a "mere" vpn solution, "the
> enterprise" should invoke a more over-arching solution (such as NAC with
> NAC agents) to ensure policy compliance.
>
Yes, and I guess you read to the end to the technical solution, right? Do you have a comment about that?

Alon.