You might want to look at the client GUI. For example, Tunnelblick (OS X GUI which also includes imbedded tun/tap kexts, OpenVPN and OpenSSL binaries) has just such a "pre-connnection" feature. People can call a script before OpenVPN is started, and when OpenVPN finishes. It is used to do such things as unload Cisico AnyVPN tun before running OpenVPN, and reloading it afterward. Of course, it would be nice to have it be a part of OpenVPN.
On Mon, Oct 18, 2010 at 3:14 PM, Jason Haar <jason.h...@trimble.co.nz>wrote: > On 10/19/2010 07:43 AM, Davide Brini wrote: > > Sorry for the silly question, but how do you expect the OpenVPN link to > be > > established if the computer "does not already have a connection"? > > > > What do you mean with the above statement? > I think he means: if the machine is on the corporate network, then don't > kick off an openvpn connection to the corporate network > > We did that here using firewall trickery. We block access to the openvpn > server ports from the corporate network - that way openvpn can remain > permanently running on all clients, and it will only work when clients > connect from non-corporate networks. > > It's a kludge (hard to scale when you have dozens of corporate Internet > address ranges) - what's really needed is a "--pre-connection" option - > so that we can run scripts before the openvpn service even starts. Then > the "pre" script could explicitly check if the corporate network is > available (eg attempt to download a HTTPS page from an exclusively > internal server) and error if it is - causing openvpn to not attempt to > make a connection > > See "2.1 client - how to autorun script post-connect" for further > comments about why I think a "pre" script option would be a good idea. > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +64 3 9635 377 Fax: +64 3 9635 417 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > > > > ------------------------------------------------------------------------------ > Download new Adobe(R) Flash(R) Builder(TM) 4 > The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly > Flex(R) Builder(TM)) enable the development of rich applications that run > across multiple browsers and platforms. Download your free trials today! > http://p.sf.net/sfu/adobe-dev2dev > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
