Re: [Openvpn-users] what is best practice of location detection ?

Tue, 13 Feb 2018 13:05:53 -0800 

On 13/02/18 17:21, Илья Шипицин wrote:
> personally, I would like something like "preconnect script" which will check
> something and decide "we are in a place, where vpn is not needed"

This feature has been requested numerous times.  And it is not needed.
Really.  You have the management interface which can be done to resolve
exactly that problem.

- OpenVPN is configured with --management and --management-hold

- Start the management client script
  - polls for the OpenVPN management port to become available if it is not
    getting a connection instantly
  - once connected, it can do whatever queries/preparations needed
  - sends the 'hold release' command on the management inteface

- OpenVPN starts connecting to the remote server

And if OpenVPN looses its connection, the management interface can capture
that and do whatever it needs to do.  And if OpenVPN stops running/dies, this
management client script can even detect that and do whatever is needed in
this scenario as well - like restarting OpenVPN.

In fact - you can even *modify* the remote and proxy settings on-the-fly if
your management script figures that's even better.

Bringing up the "preconnect script" is just beating a dead horse.  That
feature is not remotely as powerful as what we already have in OpenVPN today.


--
kind regards,

David Sommerseth
OpenVPN Inc.



> 2018-02-13 18:19 GMT+05:00 Aleksandar Ivanisevic <aleksan...@ivanisvic.de
> <mailto:aleksan...@ivanisevic.de>>:
> 
>     What would the purpose of that detection be? I delist the vpn server DNS
>     entry in the internal DNS horizon and firewall off the port, to prevent
>     people from unnecessarily connecting from the inside.
> 
> 
>     On 13.02.2018 11:03, Илья Шипицин wrote:
> 
>         hi.
> 
>         as openvpn is a road warrior thing (well, mainly), it makes sense to
>         determine whether user is inside or outside of office.
> 
>         which methods of "i'm in the office already" detection do you use ?
> 
>         thanks!
>         Ilya Shipitsin
> 
>

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to