From owner-freebsd-security@FreeBSD.ORG Sat May 10 13:52:02 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C2EA137B401 for ; Sat, 10 May 2003 13:52:02 -0700 (PDT) Received: from brisefer.cediti.be (porquepix.cediti.be [213.189.188.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 530F843F85 for ; Sat, 10 May 2003 13:52:01 -0700 (PDT) (envelope-from Olivier.Cherrier@cediti.be) Received: by brisefer.nat.cediti.be with Internet Mail Service (5.5.2653.19) id ; Sat, 10 May 2003 22:49:00 +0200 Message-ID: From: Olivier Cherrier To: 'Peter Pentchev' , Chris BeHanna Date: Sat, 10 May 2003 22:48:58 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="windows-1251" cc: FreeBSD Security Subject: RE: Down the MPD road X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 May 2003 20:52:03 -0000 > > Here is where we descend into Windows-bashing. For some STUPID > > reason, when a Windows box connects to a VPN via PPTP, the Windows > > box's default route is adjusted to go through the VPN connection. > > This is fortunately fixable (Windows has a ROUTE command), but it > > requires your users to have half a clue: > > > > route delete 0.0.0.0 > > route add 0.0.0.0 mask 0.0.0.0 gateway metric 1 > > route add [InsideNetwork] mask [InsideMask] gateway > [far end of VPN > > tunnel] metric 1 > > I cannot test this right now, so it is quite probable that you are > right, but couldn't this be controlled by the Properties >> Networking > >> Internet Protocol (TCP/IP) >> Properties >> Advanced >> General >> > >> Use default gateway on remote network? Yes, this checkbox allows to NOT route all the traffic to the VPN server. No need of 'route delete, route add ...' scripts. oc