On Wed, 2004-03-31 at 01:03, James Yonan wrote:

> > > * Right now clients are allocated a single, dynamic IP address. It would be
> > > nice if a connecting client could specify a full subnet to be tunneled.

> (2) In general you want to run the VPN server with reduced privilege, to limit
> damage in the case that the server is somehow compromised. But adding and
> removing routes requires privilege, unless all routes for every possible
> client are configured on server startup, before the privilege downgrade.

Privilege separation?
Run multiple processes with different privileges (actually, minimum
privileges each), each one performing a simple and specific task, and
have them communicate somehow.
Like Postfix, or Qmail, or recent OpenSSH versions.

Yeah, it adds complexity, but then, perhaps it removes some other
complexity. ;-)

-- 
Florin Andrei

http://florin.myip.org/
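
The split suggested in this message, sketched in C as an added example (not code from the post or from OpenVPN): an unprivileged worker asks a small privileged helper over a socketpair to add a client route, and the helper checks the request against that client's configured range before acting. The `ADD <cidr>` message format, the name `helper_check`, the 10.8.0.0/16 range and uid/gid 65534 are assumptions made for the illustration.

```c
#define _GNU_SOURCE            /* for setgroups() on glibc */
#include <arpa/inet.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parse "a.b.c.d/len" into a host-order address and prefix length; 0 on success. */
static int parse_cidr(const char *s, uint32_t *net, int *len) {
    char ip[16], extra; struct in_addr a;
    if (sscanf(s, "%15[0-9.]/%d%c", ip, len, &extra) != 2) return -1;
    if (*len < 0 || *len > 32 || inet_pton(AF_INET, ip, &a) != 1) return -1;
    *net = ntohl(a.s_addr);
    return 0;
}

/* Privileged side: allow "ADD <cidr>" only inside this client's configured range. */
int helper_check(const char *msg, const char *allowed) {
    uint32_t rn, an, mask; int rl, al;
    if (strncmp(msg, "ADD ", 4) != 0) return 0;
    if (parse_cidr(msg + 4, &rn, &rl) || parse_cidr(allowed, &an, &al)) return 0;
    mask = al ? ~(uint32_t)0 << (32 - al) : 0;
    return rl >= al && (rn & mask) == (an & mask);
}

int main(void) {
    int sv[2]; pid_t pid; char buf[64] = {0}, ok = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || (pid = fork()) < 0) return 1;
    if (pid == 0) {   /* worker: talks to VPN clients; 65534 assumed to be "nobody" */
        close(sv[0]);
        if (geteuid() == 0 && (setgroups(0, NULL) || setgid(65534) || setuid(65534)))
            _exit(2); /* never continue as root if the drop failed */
        const char *req = "ADD 10.8.1.0/24";   /* constructed client request */
        if (write(sv[1], req, strlen(req)) < 0 || read(sv[1], &ok, 1) != 1) _exit(2);
        printf("worker uid=%d: route %s\n", (int)getuid(), ok ? "accepted" : "refused");
        fflush(stdout);
        _exit(0);
    }
    close(sv[1]);     /* helper: keeps privilege, parses one tiny message format */
    if (read(sv[0], buf, sizeof buf - 1) > 0) {
        ok = (char)helper_check(buf, "10.8.0.0/16");
        /* A real helper would install the route here before replying. */
        if (write(sv[0], &ok, 1) != 1) return 1;
    }
    waitpid(pid, NULL, 0);
    return 0;
}
```

Because the helper re-validates every message, a compromised worker can at most request routes inside the range already assigned to its client.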