Re: [Openvpn-devel] combined ndis5 + ndis6 installer ?

[Илья Шипицин]

2016-12-02 11:55 GMT+05:00 Samuli Seppänen :

> Il 02/12/2016 05:54, Илья Шипицин ha scritto:
>
>> unicode nsis is different from ansi nsis. for example, nsProcess needs
>> different dll.
>>
>
> Ok. More research is needed to see what is involved, then.
>
> and, unicode nsis is not shipped in most common Linux repo (you need to
>> install it separately).
>>
>
> Indeed, that was my impression. So far I've only seen NSIS 2.46 or so in
> the distribution repositories, and the link I provided talked about NSIS
> 3.0b or something.
>
> taking the above into account, I think, I should repack the above
>> packages as "makensis3" instead of "makensis".
>>
>
> You mean creating deb/rpm packages for updated NSIS? I think manually
> installing updated NSIS would be good enough, if repackaging proves to be
> too much of an effort.
>

I investigated Fedora (we use CentOS/Fedora) and Debian world.
as for Fedora, it is far from being ready (I'll take care of that)

as for Debian, there's http://deb.debian.org/debian/pool/main/n/nsis/
so, I installed ubuntu 16.04, added "debian experimental" (the above repo),
and voila, I compiled openvpn installer.

I think we can move to unicode nsis right after 2.4



>
>
>> @mattock, which linux distro do you use for release building ?
>>
>
> Right now Ubuntu 14.04, but I should upgrade to 16.04 soon.
>
>
> --
> Samuli Seppänen
> Community Manager
> OpenVPN Technologies, Inc
>
> irc freenode net: mattock
>
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] On saving passwords

[Selva Nair]

On Sun, Dec 11, 2016 at 9:50 PM, Jonathan K. Bullard 
wrote:

But seeing this thread, I am considering having Tunnelblick block
> saving/retrieving of the username or password if --auth-nocache is
> specified in the configuration file. That should make it easier for
> admins because they wouldn't have to set the Tunnelblick preferences.
> I would probably keep the existing mechanism so an admin could allow
> __OpenVPN__ to cache the username/password but not allow the __user__
> to store them.
>

What I've in mind for Windows GUI is to just interpret --auth-nocache to
mean do not save passwords. But if you already have an option to disable it
independently, makes sense to keep it and add this in addition to it.

 Question: Can --auth-nocache be pushed by the server


> If so, is there some way that the management interface specifies that
> --auth-nocache is active when asking for a username/password?


No it cannot be pushed.

If it ever becomes pushable, we should add a don't-cache (and/or
don't-save) hint to the password prompt. Similar to how challenge response
echo directive could be embedded in the prompt. The alternate of parsing
the log for pushed options would be a major pain.. Such a hint or directive
in the prompt is something I would like to have even otherwise.

Selva
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] openvpn windows feed ?

[Илья Шипицин]

Hello,

as we release new versions of openvpn installer, there are at least two
"channels"

a) beta
b) stable

should we also host some rss/atom feed with the most recent versions of 2
channels ?

so, that openvpn-gui could check "for updates"
also, there's an exception for WinXP (which I've no idea what to do with).

it will help users to understand "new version is released, probably I
should upgrade".

it is great amount of work, I think we can schedule it after 2.4

Cheers,
Ilya Shipitsin
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] On saving passwords

[debbie10t]

On 09/12/16 17:38, Selva Nair wrote:
> Hi,
>
> A comment  on the GUI github page said:
>
> "For ISO27001 certification, we are not allowed to let users save their VPN
> passwords locally. Is there a way to remove or disable the 'save password'
> box upon authentication ?"
>
> Although I suggested to use an up script to delete the saved password, the
> GUI displaying a checkbox to save password may not be acceptable to some
> setups. Any idea how widespread a concern is this? Note that the GUI saves
> it encrypted. Personally I believe not saving passwords encourages users to
> choose weak passwords, but we could make the GUI respect any --auth-nocache
> in the config.
>
> More info here (https://github.com/OpenVPN/openvpn-gui/issues/105)
>
> Thanks,
>
> Selva
>

my2c

I think it is down to individual server admins to make this call ..
If they have a policy which demands that passwords not be saved and
openvpn does not have a robust method to do so, what will they do ?

Is it possible to have --push "auth-nocache-override" which enables
client --auth-nocache and cannot be filtered out ?

Regards

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel