> I am interested in knowing what your AutoVPN project does, but I didn't
> understand after reading your letter. Can you explain what it does?
OK. I thought I was clear... :-)

We need to let some of our users access our network from their home through their Internet access (Modem or Cable or ADSL). So we need a VPN for them. There is one called SecuRemote that comes with checkpoint Firewall. But it's only for Windows, not for Linux.

The goal is to have a VPN that needs only an account on one machine, not a certificate. It's because it's easier to manage for a large bunch of users. So we are using OpenVPN with *shared key*, not with TLS + certificate.

The way that works:

- Open an SSH session to our gateway (inside the network)
- The user gives their password (no RSA key)
- A script is called on the server which:
  - generates a shared key
  - starts openvpn with it
  - returns this key to the client
- Then, the client starts openvpn passing the shared key
- The VPN is open.

Advantage:

- No need of certificates for each person
- No need of pre-shared key. It's changed every time a new autovpn session is made

Understand better?

-jec
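
The gateway-side step in the list above (generate a key, start openvpn with it, return it to the client) could look like the sketch below. It is an added example, not part of the original message and not the AutoVPN script; the function names, the key directory and the 10.8.0.x tunnel addresses are assumptions.

```shell
#!/bin/sh
# Added example, not the AutoVPN script. Function names, the key directory
# and the 10.8.0.x tunnel addresses are assumptions.

# Fallback generator: 2048 random bits in the "OpenVPN Static key V1" layout.
write_static_key() {
    {
        echo '-----BEGIN OpenVPN Static key V1-----'
        od -An -v -tx1 -N256 /dev/urandom | tr -d ' \n' | fold -w 32
        echo
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
}

# Create a fresh key file for one session and print its path.
# mktemp plus umask 077 keeps it owner-only from the moment it exists.
new_session_key() {
    (
        umask 077
        key=$(mktemp "${1:-/tmp}/autovpn-key.XXXXXX") || exit 1
        if command -v openvpn >/dev/null 2>&1; then
            openvpn --genkey --secret "$key" >/dev/null 2>&1 ||
                write_static_key "$key"
        else
            write_static_key "$key"
        fi
        printf '%s\n' "$key"
    )
}

# Sanity check before use: 16 lines of 32 hex digits, mode 0600.
key_ok() {
    [ "$(grep -c '^[0-9a-f]\{32\}$' "$1")" -eq 16 ] &&
        [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# One session, run on the gateway by the user's SSH login.
serve_session() {
    key=$(new_session_key "$1") && key_ok "$key" || return 1
    openvpn --dev tun --ifconfig 10.8.0.1 10.8.0.2 --secret "$key" \
        >/dev/null 2>&1 &
    vpn_pid=$!
    cat "$key"        # sent to the client inside the SSH channel
    wait "$vpn_pid"   # session lasts as long as the tunnel process
    rm -f "$key"      # the key is never reused by a later session
}
```

On the client, the key read from the SSH session should likewise be written to an owner-only file before it is passed to openvpn, and removed when the tunnel closes.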