|
|
On Thursday 02 March 2006 16.01, Charles Duffy wrote: > Per-Olov Sjöholm wrote: > > Is is possible to force a block of VPN clients in the central OpenVPN > > concentrator that are using old and vulnerable versions of openvpn? > > This kind of thing (reporting information voluntarily provided by the > client's software for servers to use in deciding whether to allow > connectivity) has historically been avoided because of the potential for > server administrators to trust the information to be accurate -- but > their nature, a client can be rebuilt or otherwise modified to "cheat" > and report a version (or operating system, or hardware serial number, or > so forth) other than what it's actually running. I agree on that one. But.... A function like this is not for security, but to force the mass of "stupid" and "ignorant" standard users. With such a function the follow up work that needs to be done anyway will be less... > > Now, I take it here that this is a corner case you don't care much about > -- you just want to be able to encourage clients to upgrade when a new > upstream version comes out true.. > , and since building a modified client is more work than upgrading true... > , and because this is obviously something which isn't > going to be used in place of real authentication also true... > , it's unlikely that anyone will attempt to circumvent it in this manner. > As such, while new features are James's say, I don't expect that he would > object overmuch to adding something along these lines -- except, of course, > for his time being his own. This I can understand. But it would sure be a helpful add-on.... Maybe I will mail Mr Yonan and ask... > > Have you considered taking a shot at writing a patch yourself? No. I haven't actually looked at the code of OpenVPN (yet). Regards Per-Olov > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting language > that extends applications into web and mobile media. Attend the live > webcast and join the prime developer group breaking into this new coding > territory! > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00017.html on line 241 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00017.html on line 241 |