On Mon, May 16, 2016 at 1:51 PM, Gert Doering <g...@greenie.muc.de> wrote:
> I'm not promising anything - this is a fairly special-case request, and
> we already have sooo many special-case options that tend to get broken
> if we change other bits of the code - it should be able to implement
> these (route, ifconfig, ipv4 and ipv6) in a way that is not touched
> much by other code bits - and maybe we can even come up with a more
> general "--pull-option-filter <script>" thing where options get run
> through an external script that implements local policy, and returns
> only those options that are acceptable, or throws an error if things
> cannot go on...
>
> I'd actually prefer the latter (a generic script) because once we have
> these four options for your requirements, the next one will show up
> and ask for a DHCP filter, and then we'll see something else again.
>

Thanks Gert, I would be happy to see a feature like that. Trac ticket is
http://community.openvpn.net/openvpn/ticket/682

I trust the remote VPN endpoint by sending packets which are designated
to go there. I do *not* trust the remote to set up my ip addresses and
networks. Imagine if the remote site manages to re-route my local DMZ
network to the remote side, which forces my local clients to connect
to some 'evil' remote service (ok ok, the firewall has to allow this
as well, but I've seen many many improper setups). Therefore I think
it's not a very "special-case request" :)

Chris

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
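
The policy filter discussed in this thread, sketched as an added example; it is not OpenVPN code and not from either poster. The interface (pushed options handed over as a list of strings), the function names and every network below are assumptions made for illustration.

```python
import ipaddress

# Assumed local policy; all networks are constructed sample values.
PROTECTED = [ipaddress.ip_network("192.168.50.0/24")]  # local DMZ, must never be re-routed
EXPECTED = [ipaddress.ip_network("10.8.0.0/16"),       # networks the remote side may announce
            ipaddress.ip_network("fd00:8::/32")]
PASS = {"ping", "ping-restart"}                        # harmless options accepted as-is

# Constructed sample of options a server might push.
SAMPLE = ["route 10.8.1.0 255.255.255.0", "ifconfig 10.8.0.6 10.8.0.5",
          "route-ipv6 fd00:8:1::/48", "route 172.16.0.0 255.240.0.0",
          "dhcp-option DNS 10.8.0.1", "ping 10"]


class PolicyError(Exception):
    """Pushed options violate local policy; the connection must not go on."""


def route_network(words):
    """Turn 'route net [mask] ...' or 'route-ipv6 net/bits ...' into a network."""
    if words[0] == "route-ipv6":
        return ipaddress.ip_network(words[1], strict=False)
    mask = words[2] if len(words) > 2 else "255.255.255.255"
    return ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)


def filter_pushed_options(options):
    """Return only the acceptable options; raise PolicyError on a hostile route."""
    accepted = []
    for opt in options:
        words = opt.split()
        if not words:
            continue
        if words[0] in ("route", "route-ipv6"):
            try:
                net = route_network(words)
            except (ValueError, IndexError) as exc:
                raise PolicyError(f"unparsable route: {opt!r}") from exc
            # A route that covers any part of a protected network is fatal.
            if any(net.version == p.version and net.overlaps(p) for p in PROTECTED):
                raise PolicyError(f"pushed route {net} overlaps a protected network")
            # Routes outside the expected remote networks are dropped quietly.
            if any(net.version == e.version and net.subnet_of(e) for e in EXPECTED):
                accepted.append(opt)
        elif words[0] in PASS:
            accepted.append(opt)
        # Default deny: ifconfig, dhcp-option and anything unknown is dropped.
    return accepted
```

With the sample input the filter keeps the two expected routes and `ping 10`; a pushed `route 192.168.0.0 255.255.0.0` or a default route raises `PolicyError` because it would cover the DMZ.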