Re: [Openvpn-users] Release: OpenVPN-GUI for Windows v1.0-beta2

[sam <samwun@xxxxxxxxxxxxxxxx>]

James Yonan wrote:

> On Sunday 04 July 2004 10:22, Tyrone Omidi wrote:
>  
>
> > You could have user and service modes like VNC does.  To start with, you
> > could simply have options to start/stop/restart the service. Makes it
> > easier than talking someone through going into services. Quick for
> > admins too.  The tail -f option on the log file would be very good.
> >    
>
> One issue to keep in mind is that openvpn.exe cannot (at this time) connect to 
> the TAP-Win32 driver unless it is running with Admin privileges.  One would 
> think that the TAP-Win32 driver should be able to control the permissions on 
> the linkage, but unfortunately that is not the case.  For more info see here:
>
> <URL: 
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=uSjqMbLrCHA.1640%40TK2MSFTNGP09&rnum=3&prev=/groups%3Fq%3Dndismregisterdevice%2Bsecurity%26hl%3Den%26lr%3D%26ie%3DUTF-8%26selm%3DuSjqMbLrCHA.1640%2540TK2MSFTNGP09%26rnum%3D3 
>  
>
>
> The upshot is that for Windows computers which run in user or guest mode, it 
> will be necessary to have openvpn.exe instantiated from a service wrapper.
>
> James
>
>  
I would think this is the most usable feature for a windows user. While 
having a non-Admin user install and confoigure the tap-win driver 
Automatically without the user worry about where the driver goes and 
what is the name of the driver, etc.. because most of the network 
configuration is pushed by the server. The server can reduce as much as 
possible about the network  configuration at the client site by using 
--server-mode + push method.

>  
>
> > I think the openvpnserv.exe would need to be modified to start
> > individual configs on demand?
> >
> > In reply to sam,
> > I think it could become complicated if you implement GUI configuration.
> > But that's still arguably easier than the config file, especially is
> > help is available for each option.
> >
> > As far as auto config for road warriors is concerned, that's kinda taken
> > care of in OpenVPN version 2 with push/pull options, unless you want the
> > program to manage keys/certs?
> >
> > I like the idea of this simple tool in the tray to do the basic tasks or
> > even more.
> >
> >
> >
> > -----Original Message-----
> > From: Mathias Sundman [mailto:mathias@xxxxxxxxxx]
> > Sent: 04 July 2004 11:49
> > To: sam
> > Cc: Tyrone Omidi; Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Openvpn-users] Release: OpenVPN-GUI for Windows v1.0-beta2
> >
> > On Sun, 4 Jul 2004, sam wrote:
> >    
> >
> > > I would rather go for automtic configuration for RoadWorriors rather
> > >      
> > than
> >
> >    
> >
> > > useing complicated managment tool like this.
> > > Remember our goal is to simplify user's administration.
> > >      
> > Could you please elaborate what you mean with "complicated management
> > tool"?
> >
> > What we are discussing is just how the gui client should communicate
> > with
> > it's openvpn processes "behind the scene". The graphical interface the
> > user sees should still be as simple as possible.
> >
> > Do you consider the current "look" of my gui complicated?
> >
> >    
> >
> > > Mathias Sundman wrote:
> > >      
> > >
> > > > On Sun, 4 Jul 2004, Tyrone Omidi wrote:.
> > > >
> > > >        
> > > >
> > > > > How about options manage the service?
> > > > >          
> > > > How would you like to see this implemented? Just another menu item
> > > >        
> > that
> >
> >    
> >
> > > > can start/stop the service?
> > > >
> > > > What about multiple configs started by the service. Should the GUI be
> > > >        
> > able
> >
> >    
> >
> > > > to start/stop these individually? How do we do this?
> > > >
> > > > When we have the "management protocol" ready we should be able to use
> > > >        
> > this
> >
> >    
> >
> > > > to hook into the processes started by the service.
> > > >
> > > > To be able to stop a process started by the service and then start it
> > > >
> > > > again, we would need either:
> > > >
> > > > 1. A "SUSPEND" mode in openvpn, so we can tell it to "stop", but the
> > > > process should still be running, but inactive, so we later can tell
> > > >        
> > it to
> >
> >    
> >
> > > > start again (still running as the same user as the service wrapper
> > > >        
> > started
> >
> >    
> >
> > > > it as.).
> > > >
> > > > 2. What Jan Kiszka suggested, an openvpn process running capable of
> > > > forking of new processes with a specific config-file.
> > > >