>> As you may have noticed, ALS has not been developed actively since last >> summer. So what do _you_ think we should do with our project? > > First let me thank you for the excellent mail. The status of the > project is important to me. I am also sorry to hear the project is > currently dying slowly. The thing I can do for the project is a small > donations around 100 Euro for either migration support or continuation > of the development.
Thanks for you mail, Jelle! We'll have to wait and see if others are willing to shell out some cash to support the project. I think the core problem with ALS is that it was originally (as SSL-Explorer) developed as a _product_, not as a OSS project. Many of the design decisions in SSL-Explorer reflect this; unfortunately what makes sense for a company-led project does not necessarily make sense for a community-driven project. A few examples: - integrating everything into big, complex blob (Jetty, HSQLDB, webapp, agent, webdav servlet, etc.) - adding many (unnecessary) layers of complexity (dynamic extension system, extension store, etc.) - lack of (public) developer documentation The most successful community-driven projects are relatively small and simple (which makes barrier to entry low) and pretty general purpose (which allows for a large user/developer base). > As a customer/user of OpenVPN-ALS I have the following needs; I need a > reverse proxy solution that can use Microsoft Active Directory for > authorisation with the access controls features available in OpenVPN-ALS. > > I can also make my needs more basic, security is king and > maintainability and sustainability is second. (OpenVPN-ALS currenlty > has issues on this) > > I have several Intranet websites, (wiki's, e-hours, device interfaces, > medical portals etcetera) that needs to become available trough one > singe portal system that can handle individual access controls. > Currently OpenVPN-ALS provides this. > > I would be said if OpenVPN-ALS discontinues, but I would really like > to be supported in a functional migration to an other solution. A > _migration_ how to for Squid or Pound as the "webforwarding" > replacement for OpenVPN-ALS would be appreciated! I would not say OpenVPN ALS gets discountinued - slowly fading away would be more proper way to put it. There is simply not enough interest and/or resources for developing it in purely community-driven fashion. I discussed the relative merits of application-layer and data link / network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We concluded that the main advantage of an application-layer SSL VPN (such as ALS) is that it does not require a separate client installation (besides a web browser). Pretty much everything can be easily accomplished with a data link/network-layer SSL VPN such as OpenVPN: <http://www.openvpn.net/index.php/open-source.html> For example, you can easily limit which user (=IP) has access to which servers (=IP). The application itself needs to take care of access control and authorization. Many things such as drive mapping can be taken for granted when VPN operates on data link layer, whereas they are _very_ complex when operating on application layer, see <https://sourceforge.net/apps/trac/openvpn-als/wiki/drive_mapping_extension> In some environments OpenVPN (=the original one) may be somewhat difficult to configure properly. In most cases, however, it's at least as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours with no prior experience. OpenVPN's user and developer communities are _very_ active and helpful in case you get stuck. I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound) would make sense. This is where our Wiki comes handy: <http://sourceforge.net/apps/trac/openvpn-als/wiki> > Also remember that users can have large investment in excising > OpenVPN-ALS in both time as money. I know of installations that have > very expensive SSL certs for OpenVPN-ALS, lot of man hours to > configure OpenVPN-ALS with for example user access controls and > webforwardings, and all the time for the project management politics. > (this can sum op to more then two full months of work) True. However, there's nothing I can do about this. I don't have the skills, time or interest to maintain the project myself and unfortunately the community-driven development model does not seem to work for ALS (for reasons stated above). Samuli ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Openvpn-als-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
