On 11/16/08, Carsten Krüger <c.krue...@gmx.org> wrote: > Hello Alon, > > > > Also, you can let the user to write his own configuration while you > > just manage the connect/disconnect/authentication phases. > > I think this would be best for advance users. > > > Did the management interface allow this? That would be a security > problem. > Administrator setup two OpenVPN interfaces one with restrictive > firewall, one without. > The user could take the configuration files and exchanges the > used interfaces (change dev-node) -> bad. > > I think the management interface should only allow to start/stop > preconfigured configfiles and only clients ones. > For example my computer has an openvpn server instance (should run all the > time) and one client instance. > The client one should be manageable (start, stop, ask user for auth) > > Opinions?
The management interface manage only running instance of OpenVPN. If you want privilege separation you run OpenVPN service as privilege user with specific configuration, and some UI that use the management interace as regular user. This is why I think that a user interface to OpenVPN should use the management interface and only the management interface, it should not create configuration files and should not capture the openvpn stdout/stderr or assume it has privilege to do anything else. A separate configuration wizard can be provided... it is OK to have this, but currently Windows users do not have any good UI, so having a UI that use the management interface on Windows is a great step forward. Alon.
