I am planning on deploying OpenVPN 2.0 at our institution
as a means of allowing selected users to:
a. get an institutional IP address from a remote location
b. have traffic encrypted to and from networks that
are part of our institution
Thus far we've got the basic technology working (using a Linux server
at the institution and WinXP/2000 clients off site) but have hit
a few challenges, not all of which we've mastered.
Here are the main outstanding issues:
1. Dynamically assigning SSL certificates and private keys to
each legitimate user.
This is an installation problem. How can one bundle dynamically
generated keys from a www site (given the user has authenticated
first to an SSL-enabled www site) into the current OpenVPN 2.0 beta
11 NSIS package so the executables, certs and config files all get
installed in one fell swoop?
2. How does one allow for a normal/non-Administrator user to:
a. know that the VPN connection has been shut down or is still running?
b. start and stop the service at will
From previous posts, I understand that OpenVPN is intended to run
as a Windows service on the client's PC. (One can install the
application to start automatically when the machine starts
or as it is now, be put in manual mode, which seems to be the
current default installation mode). We, the service provider,
need to time out dormant sessions from the server end, to allow
for equitable use of the resource. This can be accomplished
using the "inactive N" configuration command. But once a client
has been "disconnected", how does the user know the state
of the connection and what tools are available to restart
the VPN?
--
Russell P. Sutherland Email: russ @ madhaus.cns.utoronto.ca
4 Bancroft Ave., Rm. 102 Voice: +1.416.978.0470
University of Toronto Fax: +1.416.978.6620
Toronto, ON M5S 1C1 WWW: http://madhaus.cns.utoronto.ca/~russ
CANADA
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users