Hi On Mon, Jan 11, 2016 at 10:27:21AM -0500, Stefan Monnier wrote: > > Inspired by Gert Doering (but don't blame him for any of my bad ideas > > : ), I'm considering adding a feature to Tunnelblick (a FOSS GUI for > > OpenVPN on OS X) that would allow a standard user on a Mac to install > > "safe" OpenVPN client configurations without requiring administrator > > credentials. > > Reminds me: I'd love to see a fully-unprivileged OpenVPN client, which > would not use a tun/tap interface and kernel-level routing features, but > instead would use something like LD_PRELOAD to subvert the > C library calls to networking functions.
Can be done, won't be OpenVPN then. More like "ssh -D"...
You can't just intercept stuff like socket() or connect() without either
doing similar to SOCKs forwarding [thus, "ssh -D"], which would require
server side support - or you'd have to reimplement the whole TCP/IP stack
in userland so it would work with an unmodified OpenVPN server, which
expects "packets", not "connection requests"...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
