Per-Olov Sjöholm wrote:
> Is it possible to force a block of VPN clients in the central OpenVPN
> concentrator that are using old and vulnerable versions of openvpn?

This kind of thing (reporting information voluntarily provided by the
client's software for servers to use in deciding whether to allow
connectivity) has historically been avoided because of the potential for
server administrators to trust the information to be accurate -- but
by their nature, a client can be rebuilt or otherwise modified to "cheat"
and report a version (or operating system, or hardware serial number, or
so forth) other than what it's actually running.
Now, I take it here that this is a corner case you don't care much about
-- you just want to be able to encourage clients to upgrade when a new
upstream version comes out, and since building a modified client is more
work than upgrading, and because this is obviously something which isn't
going to be used in place of real authentication, it's unlikely that
anyone will attempt to circumvent it in this manner. As such, while new
features are James's say, I don't expect that he would object overmuch
to adding something along these lines -- except, of course, for his time
being his own.
Have you considered taking a shot at writing a patch yourself?