Hello Alon, > Also, you can let the user to write his own configuration while you > just manage the connect/disconnect/authentication phases. > I think this would be best for advance users.
Did the management interface allow this? That would be a security problem. Administrator setup two OpenVPN interfaces one with restrictive firewall, one without. The user could take the configuration files and exchanges the used interfaces (change dev-node) -> bad. I think the management interface should only allow to start/stop preconfigured configfiles and only clients ones. For example my computer has an openvpn server instance (should run all the time) and one client instance. The client one should be manageable (start, stop, ask user for auth) Opinions? greetings Carsten PS: It's great that a gui is developed!
