From owner-freebsd-net@FreeBSD.ORG Tue Mar 19 06:57:02 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 9839EC4A for ; Tue, 19 Mar 2013 06:57:02 +0000 (UTC) (envelope-from yoann.gini@gmail.com) Received: from mail-wg0-f52.google.com (mail-wg0-f52.google.com [74.125.82.52]) by mx1.freebsd.org (Postfix) with ESMTP id 0884478C for ; Tue, 19 Mar 2013 06:57:01 +0000 (UTC) Received: by mail-wg0-f52.google.com with SMTP id 15so81229wgd.31 for ; Mon, 18 Mar 2013 23:56:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:message-id:references:to:x-mailer; bh=Rum59LzexENzc9CiBWK3lHfxnBNkBrDDLpHC4l2cArA=; b=L2F++hMSiD0hEV6VQsfcIs8e/O0oq+29/Hz0VSGSsy7LCkedunuYGlILqQKvgN2pAE jcmlb0EPHl5hEIR+7RMJ3049f5Knu6w/NI4djSLbdJmUvznkhp3Hh4KtSTAscAzOQbTH 22cDNwt/aKPvFrGtz6W0Yia2QzbHAZEKulLXTFurGbu+002zKnCbMIPa2ftch9GDQT2H 9hRm3k2kAzF45eJrR/9GgrfTCDTeA0ggt5apxp+5S1FLSqAY3qSVquaFXdKxglSaVKhf 0WlXM9J0WHEdYkq5hkKD9t1nBWj934oiJoDcqdA0b0d3hi5JA0ccOYaAz2oeiQBSEYxC iQ8w== X-Received: by 10.180.185.204 with SMTP id fe12mr1099052wic.2.1363676215057; Mon, 18 Mar 2013 23:56:55 -0700 (PDT) Received: from [172.20.10.2] ([37.161.232.168]) by mx.google.com with ESMTPS id k5sm19351689wiy.5.2013.03.18.23.56.52 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 18 Mar 2013 23:56:53 -0700 (PDT) Content-Type: multipart/signed; boundary="Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1"; protocol="application/pkcs7-signature"; micalg=sha1 Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\)) Subject: Re: mpd5 and multiple route to send to clients From: Yoann Gini In-Reply-To: <5147EE5D.5070203@norma.perm.ru> Date: Tue, 19 Mar 2013 07:56:50 +0100 Message-Id: <1306548A-C393-44DF-9B8D-9A34D806622E@gmail.com> References: <9EC8E2D3-A52B-4FF1-B840-3D962DF8D917@gmail.com> <5147EE5D.5070203@norma.perm.ru> To: Eugene M. Zheganin X-Mailer: Apple Mail (2.1503) Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Mar 2013 06:57:02 -0000 --Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Le 19 mars 2013 =E0 05:49, Eugene M. Zheganin a = =E9crit : > You cannot do this with a pptp or l2tp, they just don't have that = ability. > Standard approach is either using remote pptp/l2tp peer as default = gateway, or creating a sticky route on the client side. Even if it=92s not built-in the L2TP / PPTP standard, the rest of the = world do it, and need it by the way. Using the VPN gateway as a default = one is not acceptable when it=92s made to secure access to specific = resources only (i.e: Split Tunneling), as a provider, I don=92t want to = handle all network traffic from road-warriors, I don=92t care about = their FaceBook traffic, I just want they corporate one. With VPN, also regularly come VPN on Demand, a settings on the client = side allowing the system to automatically start VPN connection when the = user request for a specific domain (like private.example.com). And if = the authentication is fully based on certificate, the user don=92t see = any authentication request. This kind of highly demanded feature today can=92t be address if at the = beginning we don=92t have split tunneling=85 Well, that=92s a big big problem for me and force me to review all my = plan about this network and also with my OS X Server replacement project = made from a standard FreeBSD=85 > You could do this using openvpn, but openvpn is a horrible mess of = weirdness and incompatibility. I agree with that, OpenVPN is such a mess=85 And can=92t be deployed on = all devices, for example, they have some problems to distribute their = app in France on iOS devices. That the only one with that problem=85 --Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIO2jCCBIow ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0 d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA5MTBa Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNh bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0 dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0 aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmF pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJk xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2q L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7bUMSAs vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMe oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo0tCb3 +sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8EBAMC AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2Nh LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2IkRbyis pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR4rBz0 g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbHdWTBK 322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMizpm4Qk LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vVdoOr/ 0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIFGjCCBAKgAwIBAgIQbRnqpxlPajMi5iIyeqpx3jANBgkq hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExh a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRp Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMTA0MjgwMDAwMDBaFw0yMDA1MzAxMDQ4MzhaMIGTMQswCQYD VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRow GAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE5MDcGA1UEAxMwQ09NT0RPIENsaWVudCBBdXRoZW50 aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAkoSEW0tXmNReL4uk4UDIo1NYX2Zl8TJO958yfVXQeExVt0KU4PkncQfFxmmkuTLE8UAakMwn VmJ/F7Vxaa7lIBvky2NeYMqiQfZq4aP/uN8fSG1lQ4wqLitjOHffsReswtqCAtbUMmrUZ28gE49c NfrlVICv2HEKHTcKAlBTbJUdqRAUtJmVWRIx/wmi0kzcUtve4kABW0ho3cVKtODtJB86r3FfB+Os vxQ7sCVxaD30D9YXWEYVgTxoi4uDD216IVfmNLDbMn7jSuGlUnJkJpFOpZIP/+CxYP0ab2hRmWON GoulzEKbm30iY9OpoPzOnpDfRBn0XFs1uhbzp5v/wQIDAQABo4IBSzCCAUcwHwYDVR0jBBgwFoAU iYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYDVR0OBBYEFHoTTgB0W8Z4Y2QnwS/ioFu8ecV7MA4GA1Ud DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGA1UdIAQKMAgwBgYEVR0gADBYBgNVHR8E UTBPME2gS6BJhkdodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRB dXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDB0BggrBgEFBQcBAQRoMGYwPQYIKwYBBQUHMAKGMWh0 dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VVE5BZGRUcnVzdENsaWVudF9DQS5jcnQwJQYIKwYBBQUH MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAIXWvnhXVW0z f0RS/kLVBqgBA4CK+w2y/Uq/9q9BSfUbWsXSrRtzbj7pJnzmTJjBMCjfy/tCPKElPgp11tA9OYZm 0aGbtU2bb68obB2v5ep0WqjascDxdXovnrqTecr+4pEeVnSy+I3T4ENyG+2P/WA5IEf7i686ZUg8 mD2lJb+972DgSeUWyOs/Q4Pw4O4NwdPNM1+b0L1garM7/vrUyTo8H+2b/5tJM75CKTmD7jNpLoKd RU2oadqAGx490hpdfEeZpZsIbRKZhtZdVwcbpzC+S0lEuJB+ytF5OOu0M/qgOl0mWJ5hVRi0IdWZ 1eBDQEIwvuql55TSsP7zdfl/bucwggUqMIIEEqADAgECAhEA8BSF4QUynr/oAOUnSVCBvTANBgkq hkiG9w0BAQUFADCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENP TU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xMzAzMDMw MDAwMDBaFw0xNDAzMDMyMzU5NTlaMCUxIzAhBgkqhkiG9w0BCQEWFHlvYW5uLmdpbmlAZ21haWwu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11zV57Sqb+CpMeUSmttu8MsHvdUR vZS9O5jKxWljaeZgQbr4A/yShO5PB7MgM4KMQjMIOoacShFvyf6ZivL8r8fFbAmc6NsHr4CN4S9T E0WAi/MWUTPLYrD8zx0NsjimxLP/3Ln1b3TDb0Vp/bqOWePStBU2truYBodyGZCQiHVPBZC6d5tu CswgnIbloUTf4RxyGGt8NCl94lBiw6ZNNc+94BRlIY8a6uyV5/9jqiAu/LZVpLV5n9YZ5BCfoRsM GAi94eUzFv/AdCLp+l0OGjQ+K8APeHihjU8/VtNujjW1tA7r5bs3O8wTQ6lCoCV8J+XZMWUK4grO xisqX5umywIDAQABo4IB5DCCAeAwHwYDVR0jBBgwFoAUehNOAHRbxnhjZCfBL+KgW7x5xXswHQYD VR0OBBYEFH28/IbXcUSiVbEyWOgyob3zTeHTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA MCAGA1UdJQQZMBcGCCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYD VR0gBD8wPTA7BgwrBgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29t b2RvLm5ldC9DUFMwVwYDVR0fBFAwTjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N T0RPQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBiAYIKwYBBQUHAQEE fDB6MFIGCCsGAQUFBzAChkZodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9DbGllbnRBdXRo ZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5j b21vZG9jYS5jb20wHwYDVR0RBBgwFoEUeW9hbm4uZ2luaUBnbWFpbC5jb20wDQYJKoZIhvcNAQEF BQADggEBAC2aIbicOEFNkJwJlCEoBFsi/7im9S6E0GwQ2/+bn0GhOTZQ+mkB9Up2A99TsAV2dWJ/ TClZ5a/tx4K6eP+r7q1ci1QcDdomD8NLI+zpU0zx+I/RnEca24AYJ3fC5dS6nR5sjTj2zoYa0pXs CVrMb24vXBr14iLwG7U+REEX6+p0tbwAjrJLPnViS1TvUPBz5J9W2ag10cCaecSsa6VOGR3xR5ah r9pWGtKZ+xKxnuPsmny5xKCeB+73ZI6DTanIXzHiduGm3A/y7maIjJq4gy7Vm2hH3HaBTV4ZS/DZ 2/sKr5k9/asWaJosS5ciE00tMLCrvogWdF4xhSxUrm/C7j4xggOuMIIDqgIBATCBqTCBkzELMAkG A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAPAUheEFMp6/6ADlJ0lQgb0wCQYFKw4DAhoF AKCCAdkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwMzE5MDY1 NjUwWjAjBgkqhkiG9w0BCQQxFgQURXI9GaPj2eTy4/Zd0P2dpfoazGowgboGCSsGAQQBgjcQBDGB rDCBqTCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAPAUheEFMp6/6ADlJ0lQ gb0wgbwGCyqGSIb3DQEJEAILMYGsoIGpMIGTMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRl ciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRl ZDE5MDcGA1UEAxMwQ09NT0RPIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWls IENBAhEA8BSF4QUynr/oAOUnSVCBvTANBgkqhkiG9w0BAQEFAASCAQAq7+o1EUy+K//oPKNZxusM WAMu8yp3c53I7AHJ7wZPTuzzxQCwIvZadTkjZDRzgjePT6QkuqHY5rVLGNZ8OfWYy4cme2RcjC4L 2Ez/guCxXkvMlInEZ2OOUBXwN29v+XF068OyDee0N4anxedD3UwWkTV1Pw800dQ936TTHe/u/+oS PVrrImddxyC3itk+TIeG8yf2TxuT5prXzOIAkEflwPmVb3gMB+4SElblSqqvZA/qNY17mCVYaAJ8 lgGHHPwmLBR6YtIfLji5RAJ2wyCGSBlt0BNRvNxpn17KDLmNphzxtuicuYOG2TyaOqp6Vd6pqy3s s585Jd5sOJ8GCbTeAAAAAAAA --Apple-Mail=_185037E8-C7DB-44E5-90C1-DFD058EAA9C1--