|
|
Per-Olov Sjöholm wrote:
Is is possible to force a block of VPN clients in the central OpenVPN concentrator that are using old and vulnerable versions of openvpn? This kind of thing (reporting information voluntarily provided by the client's software for servers to use in deciding whether to allow connectivity) has historically been avoided because of the potential for server administrators to trust the information to be accurate -- but their nature, a client can be rebuilt or otherwise modified to "cheat" and report a version (or operating system, or hardware serial number, or so forth) other than what it's actually running. Now, I take it here that this is a corner case you don't care much about -- you just want to be able to encourage clients to upgrade when a new upstream version comes out, and since building a modified client is more work than upgrading, and because this is obviously something which isn't going to be used in place of real authentication, it's unlikely that anyone will attempt to circumvent it in this manner. As such, while new features are James's say, I don't expect that he would object overmuch to adding something along these lines -- except, of course, for his time being his own. Have you considered taking a shot at writing a patch yourself?
Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00016.html on line 194 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00016.html on line 194 |