[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: Interface with GUI agent, was: Re: [Openvpn-devel] [Patch] revoke scripts were broken


  • Subject: Re: Interface with GUI agent, was: Re: [Openvpn-devel] [Patch] revoke scripts were broken
  • From: Denis Vlasenko <vda@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 4 Jul 2004 01:54:49 +0300

On Saturday 03 July 2004 23:01, James Yonan wrote:
>   management 127.0.0.1 20001
>
> This will cause OpenVPN to listen on 127.0.0.1:20001 as its management
> interface port.
>
> It's important, of course, that the management port always be local, since
> we are using it to potentially pass passwords and other sensitive data that
> should never actually touch a real network interface.
>
> Thinking ahead, the challenge/response sequence for passing authentication
> info should be open-ended to provide for future implementation of
> alternative authentication methods such as Radius, LDAP, NT Auth, etc.

Please don't do too much of that. I've seen this auth featuritis creeping
in ntp and ups tools(!). Results ain't pretty...

Reconfiguration of openvpn can always be done by editing config file
and restarting openvpn daemon. Simple. Elegant. No additional coding
- no risk of introducing bugs.

This can be done via systray app, too.
--
vda