It doesn't have to be insecure, it just requires careful setup to ensure
that incoming from the internet is controlled (ie not allowed, or allowed
in a completely accountable way) and that there is no capacity for traffic
to cross the two nets: internet <-> tunnel
The vpn product that *** offer uses a cisco client and
disables split-tunnelling. It cannot be worked around as the the client has
no local config. Start the client and it downloads its config from the
server, which cannot be changed without restarting the client...
sounds like a good way of doing it.
..S.
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
