On Wednesday 01 November 2006 04:54, James Yonan wrote:
>
> OpenVPN 2.2 or 2.5
> ------------------
>
> This release will be open to patches which extend OpenVPN
> functionality without requiring a major rewrite of the core.
> Features that fit into these constraints include allowing the
> OpenVPN server to listen on multiple TCP and UDP ports
> simultaneously or improving/merging additional IPv6 functionality.
>
> There are a couple of useful new features already finished for
> OpenVPN 2.2:
>
> * Added connection profiles feature. See <connection>
>   documentation in man page.
>
> * Added --disconnect-while-inactive feature. See
>   man page.
>
> Download via subversion:
>
> svn co https://svn.openvpn.net/projects/openvpn/branches/BETA22/openvpn

What about:

1. Handling privilege dropping correctly, so that the client can drop
   privileges before connect.

2. Allow the management interface to prompt for identity (out of several),
   so that the smartcard id can be chosen by the user. This will enable the
   computer to have only one OpenVPN configuration file, and still suit
   many users.

3. Allow the management to perform private key operations, so that
   pre-authenticated keys can be used out of an agent, or different
   sources, such as KDE, smartcards or any other storage. (This makes 2
   obsolete).

   This will enable OpenVPN to be configured with the same settings for
   every user and every computer in a workgroup, and allow the GUI to
   prompt the user for the right credentials, remember user settings and
   such.

   It is important to take the CryptoAPI and PKCS#11 out of the daemon,
   since the daemon context will not always have access to smartcard
   resources. So CryptoAPI and PKCS#11 code will be moved out of the
   OpenVPN executable into a library so that management applications will
   be able to use this functionality if they wish to, or replace it with a
   different implementation. The library will also implement regular
   PKCS#12 based identity, so that the daemon will not have direct access
   to users' keys.

   As part of this, a simple management client console application will be
   implemented, to allow users a quick startup.

4. On my TODO there is the certificate chain verification, and CRL dynamic
   update... To allow multiple CAs and update CRL on request.

Best Regards,
Alon Bar-Lev.