Why does the client need server-side "include-local-lan"?

Nov 12th, 2009
I cannot fully understand this. The VPN client already knows its LAN subnet; although it took the default network from the server side by mode-cfg, it can still exclude its local LAN subnet by itself for encryption. Why does it need the server side to configure "include-local-lan" to enable client local LAN access?

For security? If the server side doesn't have include-local-lan, then all traffic from the client must go through the VPN tunnel? I think the client can still change its routing table to work around this very easily after the tunnel is established.

Can anybody give me an idea about this?

Farrukh Haroon Mon, 11/23/2009 - 02:01

It's not so easy to play around with the local routing table, as the VPN client will use a virtual IP (gateway) to force traffic to it. But yes, it can be done as you mentioned.

I really don't understand your 'why' question. Is it practical to hack the routing table of the client every time you want to do local LAN access?
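
A routing-table audit for the situation discussed in this thread, as an added example that is not part of the original posts: it models route selection by longest-prefix match and reports client routes that would carry traffic outside the tunnel, with or without the local LAN exception that include-local-lan grants. The interface names, addresses and route table are constructed assumptions, and real VPN clients enforce tunnel policy in their own way.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str      # destination in CIDR form
    interface: str   # egress interface name
    metric: int      # lower metric wins between equal prefixes

# Constructed sample: a client's routes after the tunnel is up.
# "vpn0" (virtual adapter) and "eth0" (physical NIC) are assumed names.
SAMPLE_ROUTES = [
    Route("0.0.0.0/0", "vpn0", 1),         # default network from mode-cfg
    Route("0.0.0.0/0", "eth0", 50),        # original default, now less preferred
    Route("192.168.1.0/24", "eth0", 10),   # the client's local LAN
    Route("203.0.113.10/32", "eth0", 10),  # host route to the VPN gateway
    Route("10.20.0.0/16", "eth0", 5),      # added by hand after tunnel setup
]

def egress_interface(routes, dst):
    """Pick the interface by longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not hits:
        return None
    best = max(hits, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen, -r.metric))
    return best.interface

def bypass_routes(routes, tunnel_if, gateway, local_lan=None):
    """List routes that send traffic outside the tunnel against policy.

    local_lan is the subnet permitted when the server grants
    include-local-lan; leave it as None when the server does not.
    """
    allowed = {ipaddress.ip_network(f"{gateway}/32")}
    if local_lan:
        allowed.add(ipaddress.ip_network(local_lan))
    flagged = []
    for r in routes:
        if r.interface == tunnel_if or ipaddress.ip_network(r.prefix) in allowed:
            continue
        # A duplicate of a tunnel route with a worse metric never wins.
        if any(o.prefix == r.prefix and o.interface == tunnel_if
               and o.metric < r.metric for o in routes):
            continue
        flagged.append(r)
    return flagged
```

Run periodically on managed endpoints, a check like this turns the "client can change its routing table" concern into something an administrator can detect rather than assume away.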