Re: [Openvpn-devel] OpenVPN in the Hypervisor

2012-05-08 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/05/12 15:50, Tom Kent wrote: >> But... I don't think that OpenVPN is the right approach as it is > not peer-to-peer solution. > > I agree that this is not the optimal solution, especially for > large/high bandwith setups. I was just looking for

Re: [Openvpn-devel] OpenVPN in the Hypervisor

2012-05-08 Thread Tom Kent
> But... I don't think that OpenVPN is the right approach as it is not > peer-to-peer solution. I agree that this is not the optimal solution, especially for large/high bandwith setups. I was just looking for something that I could get going with what I have today. My ideal setup would be a

[Openvpn-devel] [PATCH] management: Don't require DAF_INITIAL_AUTH to send ADDRESS/DISCONNECT messages

2012-05-08 Thread Adrien Bustany
From: Adrien Bustany DAF_INITIAL_AUTH will only be set if a password was needed for client authentication. This means that for password-less certificate authentication, no DISCONNECT/ADDRESS messages would be sent. --- src/openvpn/manage.c |4 ++-- 1 files changed,

[Openvpn-devel] [PATCH] Don't require DAF_INITIAL_AUTH to send ADDRESS/DISCONNECT messages

2012-05-08 Thread Adrien Bustany
From: Adrien Bustany As discussed in [1], here is a cleaned up version of my patch to fix the sending of CLIENT:ADDRESS/CLIENT:DISCONNECT message on the management interface when using password-less TLS certificate authentication. It seems that DAF_INITIAL_AUTH is now

Re: [Openvpn-devel] OpenVPN in the Hypervisor

2012-05-08 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/05/12 03:03, Tom Kent wrote: > I had an idea I wanted to run by people and see if its > feasiblehere goes. > > I've been hearing a lot about "virtualized" networking for VMs and > that got me thinking. It seems like OpenVPN would be a good

Re: [Openvpn-devel] openssl ouch

2012-05-08 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/05/12 10:30, Samuli Seppänen wrote: > >> Jan Just Keijser wrote: >>> ouch: http://www.openssl.org/news/secadv_20120419.txt >>> >>> we need to investigate whether and how openvpn is affected. >>> >>> >> did somebody end up writing an

Re: [Openvpn-devel] openssl ouch

2012-05-08 Thread Samuli Seppänen
> Jan Just Keijser wrote: >> ouch: >> http://www.openssl.org/news/secadv_20120419.txt >> >> we need to investigate whether and how openvpn is affected. >> >> > did somebody end up writing an 'authoritative' answer to the question if > and how openvpn is affected by this bug? > > cheers, > > JJK

Re: [Openvpn-devel] [RFC] Split plugins into their own repositories

2012-05-08 Thread Samuli Seppänen
> Hello David, > > On Mon, May 7, 2012 at 10:33 AM, David Sommerseth > wrote: > > > >> The reason I don't see the benefit of splitting out the plug-ins as >> much is that they all depend on OpenVPN. You can not make much use of >> these plug-ins without having

Re: [Openvpn-devel] OpenVPN in the Hypervisor

2012-05-08 Thread Gert Doering
Hi, On Mon, May 07, 2012 at 09:03:17PM -0400, Tom Kent wrote: > The idea I had, and wanted to run by, was if it would be possible to > integrate an openvpn client into the hypervisor's virtual network card. > This would make it so that from the moment the VM boots up, it is only > connected to

Re: [Openvpn-devel] openssl ouch

2012-05-08 Thread Samuli Seppänen
> Jan Just Keijser wrote: >> ouch: >> http://www.openssl.org/news/secadv_20120419.txt >> >> we need to investigate whether and how openvpn is affected. >> >> > did somebody end up writing an 'authoritative' answer to the question if > and how openvpn is affected by this bug? > > cheers, > > JJK

Re: [Openvpn-devel] OpenVPN in the Hypervisor

2012-05-08 Thread Alon Bar-Lev
On Tue, May 8, 2012 at 4:03 AM, Tom Kent wrote: > I had an idea I wanted to run by people and see if its feasiblehere > goes. > > I've been hearing a lot about "virtualized" networking for VMs and that got > me thinking. It seems like OpenVPN would be a good tool that could

Re: [Openvpn-devel] openssl ouch

2012-05-08 Thread Jan Just Keijser
Jan Just Keijser wrote: ouch: http://www.openssl.org/news/secadv_20120419.txt we need to investigate whether and how openvpn is affected. did somebody end up writing an 'authoritative' answer to the question if and how openvpn is affected by this bug? cheers, JJK

Re: [Openvpn-devel] [PATCH] Signed-off-by: Jan Just Keijser <janj...@nikhef.nl>

2012-05-08 Thread Jan Just Keijser
Hi Adriaan, Adriaan de Jong wrote: +void +tls_ctx_load_ecdh_params (struct tls_root_ctx *ctx, const char *curve_name +) +{ +#ifdef USE_SSL_EC + if (curve_name != NULL) + { +int nid; +EC_KEY *ecdh = NULL; + +nid = OBJ_sn2nid(curve_name); + +if (nid ==

[Openvpn-devel] OpenVPN in the Hypervisor

2012-05-08 Thread Tom Kent
I had an idea I wanted to run by people and see if its feasiblehere goes. I've been hearing a lot about "virtualized" networking for VMs and that got me thinking. It seems like OpenVPN would be a good tool that could join a group of VMs into their own private LAN, basically segregating them