
Re: [Openvpn-users] newbie OpenVPN usage question


  • Subject: Re: [Openvpn-users] newbie OpenVPN usage question
  • From: "Robbie" <sheriff@xxxxxxxxxx>
  • Date: Fri, 14 Jul 2006 10:05:17 -0400 (EDT)

 --- On Fri 07/14, Charles Duffy < cduffy@xxxxxxxxxxx > wrote:

From: Charles Duffy [mailto: cduffy@xxxxxxxxxxx]

To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx

Date: Fri, 14 Jul 2006 08:41:49 -0500

Subject: Re: [Openvpn-users] newbie OpenVPN usage question



> If I understood your post correctly, you're asking if one could implement OpenVPN without a TCP/IP stack, though you supposedly have UDP support already (written directly at application level, or do you have an IP stack but no TCP?) on some unspecified embedded OS with an unspecified level of POSIX compliance on which a tun/tap adapter may or may not be available.



> In any event, it's pretty unclear what you're asking. It's also unclear how much effort you're willing to put into it. OpenVPN is intended to work in a POSIX environment with OpenSSL, a conventional BSD sockets style IP stack and a tun/tap adapter available. Can you get it to work elsewhere? Sure, with enough man-hours... but the number of hours involved may be prohibitive, and you may have ended up rewriting not just OpenVPN itself but its dependencies as well by the time you're through.





> So -- you asked a big wide-open problem (read: "time sink") without a simple, clear answer; you contradicted yourself in parts; you used a subject line which had *nothing at all* to do with the content of your message; and you left out pertinent details. Is it a surprise you didn't get a response?







Yes, it is a surprise I didn't get a response. You forgot perhaps the most important part of the subject: "newbie". That should signal a bell.

At any rate - from what I read - OpenVPN has two auth. modes: static key and TLS. Therefore, I suspect if I'm using static keys I wouldn't need OpenSSL, correct? Furthermore, if I use the option --secret to generate the 4 independent keys and am still using the static option, I also wouldn't need OpenSSL. Am I correct there also?

Hence, it appears that once the tunnel is established and the keys exchanged, communication can continue and either device doesn't need to know what their software capabilities are.

So it appears - although I'm not at all confident of this - that I don't need a TCP stack?

Where am I going wrong?



Thanks,

--Robbie
