[ale] HomeVPN

Brian MacLeod nym.bnm at gmail.com
Tue Nov 13 17:03:53 EST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 11/13/12 4:50 PM, Robert L. Harris wrote:
> 
> yeah, didn't think it was possible,  would be nice though.
> 

On the other hand, should you have your own domain, you could publish
(*PUBLICALLY*) addresses to your internal network (or use external
addresses), and then specifically tell OpenVPN to push routes that
would direct traffic to those destination IPs through the VPN
connection. If you publish the externals, redirecting gets messy --
you also have to get a little loose with any firewall/forwarding rules
on the VPN hosts (and potentially intervening hosts, since they need
to know how to route packets BACK to the clients).  But if you publish
internal network addresses, it wouldn't be too bad since defining a
route to your internal network is expected.  Also, take into
consideration that there may be hosts/addresses in use on the clients'
current network that may use similar addressing schemes.  You'd likely
know this before it became and application/sharing problem because
likely you'd overlap on connection, and thus have problems establishing...


It can work.  It's not easy, prone to mistakes, and, prone to being an
inadvertent entry point into your network.

There be dragons here.

bnm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQE4BAEBCAAiBQJQosPJGxhoa3A6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbQAKCRD5
XCJY/q4Y6FcEB/9VwZml67U85+nCtJ1m5HJq3BR+vpb2lUxCzhxTxK2Ro8cOXtvF
99hb+kuaeMtl3eEnMKubXnBCoCypjxyKQgzCIJdbIpj6kKoqUOzuxiChGHUNhYjF
oAZHmnwfwkWcwVU0UUwT+hBNRe5ep7QGEMxsgtNju69zeIzjHnTXEhgYdPRQeGz4
n7Hg/hgnxHgsYQFc1xFGqKsov2GZX/IPI2b3YnEt21pzqOZZe9/2r5/fiG3vf4N8
o2dY08TYh0YhuqASx1+WM0qvyPOVcMgTVMU9+Kh8Qnly7HgN5wV4zNnpAjKoG5n4
1IBoaQF3cHVhxOAstxa6ltUUNlWW3nf2R2x2
=XkA+
-----END PGP SIGNATURE-----


More information about the Ale mailing list