Le 19 mars 2013 à 05:49, Eugene M. Zheganin <[email protected]> a écrit :
> You cannot do this with a pptp or l2tp, they just don't have that ability. > Standard approach is either using remote pptp/l2tp peer as default gateway, > or creating a sticky route on the client side. Even if it’s not built-in the L2TP / PPTP standard, the rest of the world do it, and need it by the way. Using the VPN gateway as a default one is not acceptable when it’s made to secure access to specific resources only (i.e: Split Tunneling), as a provider, I don’t want to handle all network traffic from road-warriors, I don’t care about their FaceBook traffic, I just want they corporate one. With VPN, also regularly come VPN on Demand, a settings on the client side allowing the system to automatically start VPN connection when the user request for a specific domain (like private.example.com). And if the authentication is fully based on certificate, the user don’t see any authentication request. This kind of highly demanded feature today can’t be address if at the beginning we don’t have split tunneling… Well, that’s a big big problem for me and force me to review all my plan about this network and also with my OS X Server replacement project made from a standard FreeBSD… > You could do this using openvpn, but openvpn is a horrible mess of weirdness > and incompatibility. I agree with that, OpenVPN is such a mess… And can’t be deployed on all devices, for example, they have some problems to distribute their app in France on iOS devices. That the only one with that problem…
smime.p7s
Description: S/MIME cryptographic signature
