Hi Arne, Yes, the client/driver installation on OpenVPN is tedious. I agree that this is the strong point in web-based offerings such as ALS. Perhaps a good overall solution would be to combine a simple web-based reverse proxy / replacement proxy service with full network-layer solution such as OpenVPN. There are quite a few reverse proxy solutions around:
<http://nginx.org/en> <http://wiki.squid-cache.org/SquidFaq/ReverseProxy> <http://www.apsis.ch/pound> I don't know if they can be used to replace ALS' reverse proxy functionality completely, though. I feel the core problem with ALS' codebase (for us) is that instead of integrating existing OSS components 3sp reinvented the wheel on many occasions. This means we were left with a big, complex, tightly integrated and hard to understand codebase which can't be easily used by other projects (which would get external developers interested). An entirely separate approach is beneficial for community-driven projects. For example, Linux distributions such as Debian are extremely complex. However, instead reinventing the wheel (=applications) Debian developers just integrate stuff together, thus limiting the effects of complexity. Most of the maintenance overhead is taken care of by external developers, not by Debian project itself. Similar approaches can be used for commercial OSS applications, but 3sp did not go that route - probably for reasons that made sense for them. > I don't have much to add to the discussion but I just wanted to make one > point of why a web-based SSL VPN is useful. In my experience OpenVPN is > easy to setup and works pretty well. My main problem is the > administrative overhead when trying to distribute logons for all the > users. Having 500+ (new comming in all the time) mobile users and then > distributing them is such a mess. A web based solution that integrates > with RADIUS or Active Directory is so much easier and also easier for > the end-user. > > That being said, I think it's sad that the project is fading away. > Commercial alternatives are so expensive. Like $100-200 per user. Sadly > our economic situation is not so good that we can afford to support this > project, then it would just be cheaper to go commercial. I think a > project of this magnitude needs at least $150 000 to get started again > and attract new developers. > > 2010/4/8 [email protected] <mailto:[email protected]> > <[email protected] <mailto:[email protected]>> > > >> As you may have noticed, ALS has not been developed actively > since last > >> summer. So what do _you_ think we should do with our project? > > > > First let me thank you for the excellent mail. The status of the > > project is important to me. I am also sorry to hear the project is > > currently dying slowly. The thing I can do for the project is a small > > donations around 100 Euro for either migration support or continuation > > of the development. > > > In some environments OpenVPN (=the original one) may be somewhat > difficult to configure properly. In most cases, however, it's at least > as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours > with no prior experience. OpenVPN's user and developer communities are > _very_ active and helpful in case you get stuck. > > I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound) > would make sense. This is where our Wiki comes handy: > > <http://sourceforge.net/apps/trac/openvpn-als/wiki> > > > Also remember that users can have large investment in excising > > OpenVPN-ALS in both time as money. I know of installations that have > > very expensive SSL certs for OpenVPN-ALS, lot of man hours to > > configure OpenVPN-ALS with for example user access controls and > > webforwardings, and all the time for the project management politics. > > (this can sum op to more then two full months of work) > > True. However, there's nothing I can do about this. I don't have the > skills, time or interest to maintain the project myself and > unfortunately the community-driven development model does not seem to > work for ALS (for reasons stated above). > > Samuli > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Openvpn-als-devel mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvpn-als-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Openvpn-als-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
