Open VPN for PEN testing

[ToddAndMargo <ToddAndMargo () zoho com>]

Hi All,

I have heard several folks say that they use Open VPN for human 
penetration testing.
Reference: 
https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf

I apparently did not pay close enough attention. I figured that Open VPN 
would get you past the firewall and the multilayer switch. Which sounded 
right to me.  Use Open VPN to create a connection to the
computer and/or network to be tested.  Then test the computer/network 
with nmap, Metasploit, etc.

But, if I remember correctly, they also said they used Open VPN
as a direct attack mechanism to try to break into ports. Not as
a mechanism to gain access to the computer/network.

Am I missing something?  Can Open VPN actually be used as an attack
mechanism (nmap, metasploit) to test a computer/network?

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------