Hi list,

I'm currently doing a training placement at a company, looking at OpenVPN for SSL VPN use.

But there are several not-yet-developed features which are necessary for the use we want to make of OpenVPN. We are satisfied with OpenVPN's certificate handling, but we use certificates only to authenticate a computer and not the user behind the screen, so the first thing we would like to develop is extended authentication, such as a login/password pair. For this, we would like to get the authentication data from an LDAP directory which groups together all user/group authentication data. And, for now, our final requirement is network ACL support for those users/groups: if 'this' user connects to the VPN, he is allowed to use this subnet and that subnet, but no others. That information would be stored in the LDAP directory and applied by an iptables-like firewall located on the OpenVPN server. I think this could be achieved by executing an sh/perl script that needs only the username and fetches the ACL directly from the LDAP directory, so no real firewall would have to be included in OpenVPN. I'm *very* aware that these features are really hard work, because they require me to add them to OpenVPN.

So my questions are:
- what do you think about those features?
- because I'm not yet a good coder, are there people available to help me start making a patch for OpenVPN?
- you great developers of OpenVPN, are there some starting points to understand before trying to 'hack' OpenVPN?

To the question 'GPL?' I answer 'SURE', because my company and I love free software. I understand all of this represents really hard work, but I have to do it, so I ask for your help :-)

Didier

ps: and sorry for my horrible English :-/
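An added example (not from the post, and not OpenVPN's own code) of the per-user ACL script sketched above, written in Python rather than sh/perl: given the username and the client's VPN address, it looks up the allowed subnets and emits iptables rules ending in a default DROP. The LDAP query is replaced by a constructed in-memory table, the chain name VPN_ACL is an assumption, and the username is validated first because it originates from the client and would otherwise flow into an LDAP filter and a shell command.

```python
import ipaddress
import re
import subprocess
import sys

# Constructed stand-in for the LDAP directory: username -> allowed destination subnets.
DIRECTORY = {
    "alice": ["10.1.0.0/24", "10.2.0.0/24"],
    "bob": ["192.168.50.0/24"],
}

# Only plain account names reach the directory lookup; anything else is rejected
# before it can be spliced into an LDAP filter or a shell command.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9._-]{0,31}$")


def lookup_acl(username):
    """Return the user's allowed subnets as ip_network objects (stand-in for the LDAP query)."""
    if not USERNAME_RE.match(username):
        raise ValueError("refusing suspicious username: %r" % username)
    # strict=True rejects entries such as 10.1.0.5/24 that are not real network addresses.
    return [ipaddress.ip_network(s, strict=True) for s in DIRECTORY.get(username, [])]


def build_rules(username, client_ip, chain="VPN_ACL"):
    """Build iptables argument lists: one ACCEPT per allowed subnet, then a catch-all DROP."""
    src = str(ipaddress.ip_address(client_ip))  # raises on a malformed address
    rules = []
    for net in lookup_acl(username):
        rules.append(["iptables", "-A", chain, "-s", src, "-d", str(net), "-j", "ACCEPT"])
    # Unknown users get an empty ACL and therefore only the DROP rule.
    rules.append(["iptables", "-A", chain, "-s", src, "-j", "DROP"])
    return rules


def apply_rules(rules, dry_run=True):
    """Print the rules (dry run) or execute them; argument lists avoid shell interpretation."""
    for cmd in rules:
        if dry_run:
            print(" ".join(cmd))
        else:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    # Assumed calling convention for the hook: script <username> <client_vpn_ip>
    apply_rules(build_rules(sys.argv[1], sys.argv[2]), dry_run=True)
```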