On Fri, Mar 30, 2001, David Schwartz wrote:
'Unidirectional VPN' is not an oxymoron. A VPN emulates a private pipe by using a public network. A unidirectional VPN emulates a unidirectional private pipe using a public network. Sometimes, that's all you need.
For example, suppose you have two offices that each have a /24 from different ISPs. You have no private link between them. For some reason, you need to have a machine at one location with an IP address from the 'wrong' /24. What you'd like to have is a private network between them. Since you don't have one, you use a virtual private network.
Obviously, inbound packets to this IP will arrive at the 'wrong' place, so you need to tunnel them to the right place. However, outbound packets have both source and destination addresses that are valid on the public Internet. You could tunnel them, but that would result in increased bandwidth consumption and gain you basically nothing.
Having to set up and use your own servers for your customer outbound mail must be hard. I mean, wouldn't it be much easier just to point smtp.yourisp at some other large ISP who already have spent the money? Or news? Heaven forbid if your NNTP server went down, couldn't you quickly point nntp.yourisp at a large / close ISP so your customers still had NNTP access? Wouldn't it be nice for ISPs to do that?

AHAHAHAHAHAHAHAHA. Not in today's Internet.

Why isn't it the same with IP? Why does IP have to be unfiltered? So you have to run a bi-directional VPN in order to get the traffic *properly encapsulated*. Jesus, if the internet was built by people like you, we'd have a haphazard, chaotic routing core continuously flapping and changing topology..

.. oh wait. We do.

See what happens when you don't assume everyone is evil[0]?

Adrian

[0] This wasn't a poke at the internet pioneers. I just don't think they saw the internet being overrun by script kiddies, that's all.

--
Adrian Chadd <adrian@creative.net.au>
"The fact you can download a 100 megabyte file from half way around the world should be viewed as an accident and not a right."
    -- Adrian Chadd and Bill Fumerola