On 19/04/2013 11:13, Adriaan de Jong wrote:
> I misunderstood your wish to completely get rid of TLS. That would require a
> major overhaul in the way the control channel in OpenVPN is handled. OpenVPN is
> completely centered around the idea of a TLS control channel across which data
> channel keys are negotiated. Although I'd love to see that kind of flexibility
> in OpenVPN, the code base is nowhere near ready for that. It's a nice challenge
> though :).
>
> Another, more philosophical, question is whether the product is still OpenVPN
> after such a change. It's certainly not line-compatible with OpenVPN.

Hmm, can you give me a pointer to relevant code so that I can get my
hands dirty?
I'm still a bit unsure what you mean by "TLS" though. To my mind it's a
protocol for negotiating parameters and implementing crypto. However, I
*think* that what you might mean is that it's "an API which handles
client session state, timeouts and creating packets to put on the network"?
Perhaps I need to get my hands dirty here... Sounds like we would need
to introduce an abstraction for the TLS session handling so that this
feels clean?
Note, I have a longer term interest here in multi-homing.
Cheers
Ed W