Hi,

This sounds great, because it not only enables the requested logon, but also solves other problems: RAS runs as a system service and therefore has the possibility to change the routing table (normal RAS changes at least the default gw), and it has a GUI that accepts a user / passwd combination / certificate etc.

This should also solve the non-admin / pushed routes / GUI passwd challenge problem that still exists (see my post of last week asking about the status of that; no one has replied yet :-( ), and it is a nicer solution than the ms1 hack of OpenVPN GUI, which is vulnerable to the scatter attack (as are all Windows services that interact with the desktop).

I can patch and compile a program, but I'm not a developer. Is anyone capable and willing to implement a RAS provider and ndiswan wrapper for OpenVPN and the TAP driver?

John Knappers

> Date: Thu, 28 Dec 2006 14:58:54 +0200
> From: alon.barlev@xxxxxxxxx
> To: ilinktech@xxxxxxxxx
> CC: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Repost - Windows authentication over OpenVPN
>
> Hi,
>
> The simplest solution is to write a GINA hook to start OpenVPN service
> during login event.
> A better solution would be to write a RAS provider, you can select a
> RAS profile during Windows logon, which will start the OpenVPN
> connection.
>
> Or you can use OpenVPN with service autostart and a lot of retries,
> and pray it will connect before the user performed the logon.
>
> Best Regards,
> Alon Bar-Lev.
>
> On 12/28/06, Ed Wallig <ilinktech@xxxxxxxxx> wrote:
> > Hi all,
> >
> > Posted this during the holiday so I don't know if anyone saw it - looking
> > for some advice.
> >
> > Thanks...
> >
> > ---------------------------------------------------------------------------
> >
> > Hi,
> >
> > I know this has been asked a number of times but I'm still trying to get my
> > head around it. We've been using OpenVPN for almost 2 years now and have
> > been very happy with it but now I have a new project.
> >
> > I have a group of managers that often work away from the office using
> > company-issued laptops. These guys are looking for a way to log on to our
> > Windows domain from remote locations and have an experience that is similar
> > (albeit much slower) to what they get when at the home office.
> >
> > Here's my current setup:
> >
> >                T-1
> >               router
> >
> >                 |
> >             Perimeter
> >              Firewall
> >                 |
> >                 |
> >                 |
> >                 |
> >      Internal LAN        DMZ
> >        /                   \
> >   Windows Network     OpenVPN server, etc
> >
> >
> > The OpenVPN server (version 2.0.x) routes traffic from remote VPN clients to
> > various resources in both the DMZ and the internal network. Authentication
> > is currently based on certificates and RADIUS authentication. Users
> > currently use the OpenVPN GUI and enter their username and passwords when
> > prompted. They have access to some basic resources but the experience is not
> > the same as if they were logged onto the domain.
> >
> > Essentially what the managers want to do now is to be able to power on their
> > laptops, press Ctrl+Alt+Delete when prompted, enter their AD credentials,
> > and be logged onto the domain. Logon scripts (or alternatively some 3rd
> > party solution like Desktop Standard) would map drives, printers, etc and
> > they would have access to our intranet-based applications without having to
> > re-authenticate. They are aware that it would be much slower than what they
> > are used to when on the company LAN; the goal here is fewer password prompts
> > and a more seamless experience when away from home. Terminal Services /
> > Citrix is not overly desirable for a couple of reasons that I won't get into
> > in this post.
> >
> > Anyone doing this? Ideas?
> >
> > Thanks as always...

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users