I wouldn't have thought that a VPN would be a threat to your network any more than allowing clients to connect to it for internet access, other than the configuration of a few ports on the router.
If you have a stateful firewall and proxy server, general internet connections are screened before traffic enters the protected LAN. If you allow VPN tunnels, harmful traffic can come into the LAN without being screened.
Before allowing VPN tunnels (or
any encrypted, hence unscreened, tunnel), guest computers should be isolated from each other so that harmful content is isolated to the individual's computer. And when that guest's computer gets hosed through his tunnel, it's not the hotel's problem!
-jk
Previous Topic
Index
