On Aug 23, 2006, at 04:14, Pasi Kärkkäinen wrote:


Hi!

Nice work. Need to test it someday..

Thanks.

Please consider adding a feature which enables the administrator to specify DNS and WINS addresses per group. That would be really useful to some people (like me).

I'd like to be able to specify arbitrary per-group OpenVPN configuration options, in a manner similar to the client-config-dir.
The easiest configuration would probably be something like:

<Authorization>
        ...
        <Group>
                ...
                # OpenVPN Client Configuration
                ClientConfig            /usr/local/etc/openvpn/client/engineering.conf
        </Group>
</Authorization>

In terms of the existing plugin interface, however, this is not currently feasible. There is no obvious way for the plugin to return a path / setting to the openvpn instance from within openvpn_plugin_func_v1().

-landonf


On Mon, Aug 21, 2006 at 04:07:51PM -0700, Landon Fuller wrote:
I'd like to announce the first public beta release of version 2.0 of
our LDAP authentication plugin for OpenVPN[1]:
        http://dpw.threerings.net/projects/openvpn-auth-ldap/

This release is a vast improvement on the rudimentary 1.0 plugin --
new features include:
        - Full support for LDAP search filters -- no more DN templates
          required.
        - Group-based access control. (rfc2307bis / LDAP)
        - Integration with the OpenBSD Packet Filter. Can add and remove VPN
          clients to PF tables on connect/disconnect -- even on the basis of
          group membership. Tested on FreeBSD.
        - Easy to understand Apache-style configuration file.

I hope that this plugin will serve as a solid base for adding
additional OpenVPN-specific LDAP features, such as the PF firewall
integration.

This code should be fairly solid -- it has near 100% unit test
coverage, has been subject to full regression testing, and has been
rigorously tested for code errors and memory leaks under valgrind.
The code also operates flawlessly inside of a chrooted OpenVPN
instance. We are currently using the module on our production VPN
server.

Built with the distribution is an independent plugin driver that can
be used to test the plugin and your configuration outside of OpenVPN.
After you have built the plugin, the driver can be run as follows:
        ./src/testplugin <config file>
        
Cheers,
Landon Fuller
Three Rings Design, Inc.

[1] Version 1.0 of this plugin was hosted on the OpenDarwin website:
        http://www.opendarwin.org/~landonf/software/openvpn-auth-ldap/


