Juan Rodriguez Hervella <j...@it.uc3m.es> said:

> Hello,
> 
> I've just realized that openVPN-1.6rc1 only supports 
> "inetd nowait" for the TLS case.
> 
> I understand that it is not possible to have "nowait" behaviour
> for multiple clients with different secrets, but it would still be possible
> to have "nowait" functionality + a single secret. Every client should
> have the same secret key which is not a good way of having security,
> but anyway...this could be a warning instead of the current message:
> "nowait functionality is only allowed for TLS". 

That's a good point, though I would argue that (a) static key sharing across
different tunnels isn't such a good idea and (b) it's easy to patch if you
don't care about the security implications.

> Even if you don't want cryptography at all, the forking server is
> an interesting feature that should be left available, imho.

2.0 will have a better arsenal of multi-client server capabilities, and for
now I'm not too keen on supporting --inetd nowait aside from the special case
that it was designed for, which is TLS security over a tap interface.

James

