On 12/27/08, Morten Christensen wrote:
> > OK... but the true protection is the cryptography... So the level of
> > authentication is username/password.
> >
>
> Yes but only if it is coupled with the right certificate.
>
> > Have you tried the dummy scenario.
> >
>
> Yes. Does not work.
> But
Alon Bar-Lev skrev den 27-12-2008 21:20:
On 12/27/08, Morten Christensen wrote:
> I just never had username configuration before... I actually don't
> understand why you need it anyway :)
>
We are combining a certificate without password with authentification
with the username and p
On 12/27/08, Morten Christensen wrote:
> > I just never had username configuration before... I actually don't
> > understand why you need it anyway :)
> >
>
> We are combining a certificate without password with authentification
> with the username and password of the servers.
> I find th
Alon Bar-Lev skrev den 27-12-2008 20:43:
On 12/27/08, Morten Christensen wrote:
Alon Bar-Lev skrev den 27-12-2008 20:11:
On 12/27/08, Morten Christensen wrote:
>
>> Unfortunately I do not know enough about programming to help out here. I
>> just try to make a polite reque
On 12/27/08, Morten Christensen wrote:
> Alon Bar-Lev skrev den 27-12-2008 20:11:
>
> > On 12/27/08, Morten Christensen wrote:
> >
> >> Unfortunately I do not know enough about programming to help out here. I
> >> just try to make a polite request when anybody talks about improving the
> >>
Alon Bar-Lev skrev den 27-12-2008 20:11:
On 12/27/08, Morten Christensen wrote:
Unfortunately I do not know enough about programming to help out here. I
just try to make a polite request when anybody talks about improving the
client-GUI.
Tellme Isn't empty username or dummy one
On 12/27/08, Morten Christensen wrote:
> Unfortunately I do not know enough about programming to help out here. I
> just try to make a polite request when anybody talks about improving the
> client-GUI.
Tellme Isn't empty username or dummy one ignored and replaced by
the server by the CN?
Alon Bar-Lev skrev den 27-12-2008 19:15:
On 12/27/08, Morten Christensen wrote:
Auth-user-pass requires, that we enter both username and password each
time we start a connection. When we know that the username is on the
system in the CN-field of the certificate, it will be nice not to be
On 12/27/08, Morten Christensen wrote:
> Auth-user-pass requires, that we enter both username and password each
> time we start a connection. When we know that the username is on the
> system in the CN-field of the certificate, it will be nice not to be
> forced to enter it on every connection
Alon Bar-Lev skrev den 27-12-2008 16:38:
On Sat, Dec 27, 2008 at 3:08 PM, Jochen Wierum wrote:
What is not implemented - and perhaps will never be - is the possibility
to extract the username out of the CN field of the certificate, because
the management interface doesn't provide functions t
On Sat, Dec 27, 2008 at 3:08 PM, Jochen Wierum wrote:
> What is not implemented - and perhaps will never be - is the possibility
> to extract the username out of the CN field of the certificate, because
> the management interface doesn't provide functions to read these data.
I don't understand...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello Morten,
a few days ago, I checked in a version which runs without
administrator-rights. auth-user-pass is also implemented in trunk/. I
did not release a binary version yet, because it is not well tested.
But if the source is useless for you,
Jochen Wierum skrev den 16-11-2008 16:50:
Morten Christensen wrote:
Jochen Wierum skrev den 11-10-2008 23:19:
Hi,
My name is Jochen Wierum and I'm a student at a university of applied
science in Germany. We work with OpenVPN there. Since a few weeks, we
also have the option to use Smar
On 11/16/08, Carsten Krüger wrote:
> Hello Alon,
>
>
> > Also, you can let the user to write his own configuration while you
> > just manage the connect/disconnect/authentication phases.
> > I think this would be best for advance users.
>
>
> Did the management interface allow this? That would
> Did the management interface allow this? That would be a security
> problem.
--route-method exe
it would be even greater
greetings
Carsten
PS: That's not a gui problem but a clear management interface one.
Hello Alon,
> Also, you can let the user to write his own configuration while you
> just manage the connect/disconnect/authentication phases.
> I think this would be best for advance users.
Did the management interface allow this? That would be a security
problem.
Administrator setup two OpenVPN
On 11/16/08, Jochen Wierum wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi Alon,
>
>
> > You should not do this.
> > You should only use the management interface for all tasks.
>
> I know... but this brings new problems: if the configuration is invalid,
> OpenVPN prints a wa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Morten Christensen wrote:
> Jochen Wierum skrev den 11-10-2008 23:19:
>> Hi,
>>
>> My name is Jochen Wierum and I'm a student at a university of applied
>> science in Germany. We work with OpenVPN there. Since a few weeks, we
>> also have the option
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Alon,
> You should not do this.
> You should only use the management interface for all tasks.
I know... but this brings new problems: if the configuration is invalid,
OpenVPN prints a warning to stderr, but not to the management interface.
That m
Jochen Wierum skrev den 11-10-2008 23:19:
Hi,
My name is Jochen Wierum and I'm a student at a university of applied
science in Germany. We work with OpenVPN there. Since a few weeks, we
also have the option to use SmartCards instead of pkcs12 files.
One problem was, that we have laptops which a
You should not do this.
You should only use the management interface for all tasks.
Your configuration should contain the following:
auth-retry nointeract
management-hold
management-signal
management-query-passwords
management-forget-disconnect
So that you can stop/start tunnel using signal SIGUS
The Problem is that I read STDIN and STDOUT of OpenVPN. To do this, I
have to run my Application at least with the same rights as OpenVPN.
OpenVPN has to run as admin to control the routes and the Tap-Device. So
my application has a problem.
If somebody knows a solution how to run a program as adm
Great!
I was expected PKCS#11 enabled GUI for a long time!
But why does it need administrative rights?
Alon.
On 10/11/08, Jochen Wierum wrote:
> Hi,
>
> My name is Jochen Wierum and I'm a student at a university of applied
> science in Germany. We work with OpenVPN there. Since a few weeks, we
Hi,
My name is Jochen Wierum and I'm a student at a university of applied
science in Germany. We work with OpenVPN there. Since a few weeks, we
also have the option to use SmartCards instead of pkcs12 files.
One problem was, that we have laptops which are used by many people with
different SmartC
24 matches
Mail list logo
