[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: 2.0 Feature Freeze Discussion

  • Subject: Re: [Openvpn-users] Re: 2.0 Feature Freeze Discussion
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Fri, 3 Dec 2004 01:06:49 +0100 (CET)

On Thu, 2 Dec 2004, Charles Duffy wrote:

One management-interface capability that seems useful that I don't see
covered in the documentation is the ability to have OpenVPN support a
"hibernating" state (in which no actual VPN connections are made or
accepted), optionally invoked on startup and set/reset via the management

That way an OpenVPN client could be run on boot in hibernating state as an
administrative user, and an unprivileged user could toggle its actual
operation on and off. To my knowledge the nearest alternative right now is
starting on boot with a password-associated key (or auth-user-pass) and
management-query-passwords set, and using the management interface to
provide the passwords (starting it up) or trigger a SIGHUP to interrupt
service. This doesn't seem quite satisfactory.

Didier Conchaudron has written a patch for the service wrapper which gives a similar management interface with which you can start and stop openvpn tunnels as a non-admin user.

I've started playing with a pre-release of this for my OpenVPN GUI 2.0 release, but it should be failry close to release by now.

Do you still feel a need for a "hibernating" state?

Otherwise, it looks good -- though it's hard to say anything for sure
until I've played with it more (my side project based on the management
interface went on hiatus due to a large project at work getting a
near-future deadline assigned; consequently, it may be a week or so until
I've had time to finish exercising the whole thing programmatically).

I agree, it looks very good and it's time to close it up to get it out to the world still waiting for a non-beta release of 2.0.

I'll do my best to get OpenVPN GUI 2.0 together soon, and then I might have some slight requests that can hopefully make it to 2.0

One thing I know already now is that I'd like to see more "states" defined during the connect phase. In OpenVPN GUI 2.0 I'd like to remove the default real-time displaying of the openvpn log output (It will still be possible to turn it on again).

Instead I'd like to show a couple of informative messages about the connecting process based on the STATE like:

* Waiting for initial respone from server.
* Authenticating with server.
* Downloading configuration from server.
* Assigning IP address to virtual network interface.
* Adding routes to system.
* Connected

The number of states should be enough for a user to make a basic assumption on why a connection fails without browsing a log. If he still can't find the cause just by seeing on which STATE it fails, he will of cource have to open the real log to get details.

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail