On 25/08/2008, at 6:37 PM, Brian E Carpenter wrote:
But blocking tunnels by default, although it's simple, also blocks innovation. That worries me. Brian
I agree with this stance. Blocking tunnels, although possibly more secure is going to make it very difficult to solve real world problems. We have enough trouble today with IPv4 Port forwarding in CPEs and the fact that some devices do not by default pass VPN traffic. I believe internal to external tunnel flow/solicitation should be permitted by default.
Truman