Hi,

On Sat, Apr 12, 2014 at 10:16:53PM -0700, Kevin Cernekee wrote:
> Sometimes it is desirable to establish VPN connections without setting
> up a kernel tun/tap device. Possible use cases include:
>
> - Routing traffic from different applications through different VPNs.
>
> - Connecting to multiple VPNs (clients, sites, ...) that have
>   overlapping IP ranges.
>
> - Connecting to multiple VPNs that each advertise their own default
>   route and/or DNS settings.
>
> - Situations in which direct access to the VPN from all processes/UIDs
>   is not necessarily wanted, impairs performance, or presents an
>   unacceptable risk of intrusion or data leakage.
>
> - Multiuser systems or container-based VPSes.
>
> - Other situations in which the openvpn user or program is not trusted
>   to reconfigure a tun/tap device.

I can see that you might want that, but I do not think we want this in OpenVPN. It brings in a fair bit of extra code complexity, more arcane options, and code that needs to be maintained and tested across all supported platforms.

I think the goal can in most cases be achieved using SSH port forwarding - or OpenConnect, or a myriad of other "tunnel this file descriptor for me" tools.

OpenVPN will do tun/tap, and do that well.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de