Hi Arne and everyone,

Thank you for your reply. OK, so first of all, I didn't know about this --float option, so thank you for pointing that out.

Let me explain the problem I'm trying to solve with an example:

User A wants to access an FTP server in his company's private network, which is sitting behind an OpenVPN server. User A uses a mobile device with an OpenVPN client and an FTP client. User A uses the OpenVPN client to establish a VPN tunnel with the company's VPN server. User A gets a private IP from the VPN server. User A uses the FTP client to connect to the FTP server, establishing an app-to-app channel (socket). User A starts downloading a very large file. User A is driving his car and going on a road trip. He loses internet connection.

Here are two scenarios:

- User A gets a new internet connection, getting a new public IP. You're saying that with the float option OpenVPN can resume the VPN connection even with user A's public IP changed?
- What if user A doesn't get his internet connection until after, say, 2 hours? Normally the VPN connection will time out and terminate, hence the FTP connection will terminate. Right?

What I'm trying to do is to find a way to help the FTP client and the FTP server maintain their app-to-app connection while the VPN tunnel is broken. When user A (after getting the new internet connection, hence a new public IP) establishes a new VPN connection, getting a new private IP from the VPN server, I want the previous VPN session to be resumed, taking into consideration the new public and private IPs of the client.

So what I'm thinking of doing is to make some changes to OpenVPN behavior by doing the following:

* When the FTP client wants to establish a socket with the FTP server, instead of having a direct connection between the FTP client and the FTP server I wanna do the following:
* We split that TCP connection (FTP) into three ways:
* When the OpenVPN client sees the TCP connection request, it forwards it to the OpenVPN server, asking it to establish an FTP connection between the OpenVPN server and the FTP server.
* Once the OpenVPN server does that, it tells the OpenVPN client that the connection is established.
* Notice now the FTP server thinks he's connected to the VPN server, so even if the VPN tunnel breaks, that FTP channel between the VPN server and the FTP server is intact.
* Also, the FTP client can always send its data, which the OpenVPN client picks from the tun module. So this also will remain intact if the VPN tunnel is broken.
* Now once the VPN tunnel is broken, both the VPN client and the VPN server will have a caching module to cache the FTP client's and the FTP server's packets; once the VPN tunnel is recovered, the cached packets will be sent to their destination.
* The VPN server will have to account for the changes in the client's IPs for sure.

Can you tell me if the current OpenVPN implementation accounts for that scenario? And how many changes do I have to make to accomplish such a thing? It doesn't have to be perfectly functional; this is more of a research and I want to publish my work to the public in case anyone wants to do further development.

If my explanation wasn't clear enough, please don't hesitate to ask me to clarify any point. I would really appreciate hearing what you think about this problem.

Thank you Arne,
- Ab

On Aug 23, 2013, at 3:38 AM, Arne Schwabe <a...@rfc2549.org> wrote:

> On 23.08.13 02:48, Abdullah Alshalan wrote:
>> Hi all,
>> I'm not sure if I'm sending this email to the right development group
>> so I apologize if it's not.
>>
>> I'm trying to reach the OpenVPN development team or anyone who has
>> experience with OpenVPN development.
>> I started working on a project to implement an open-source, true
>> Mobile SSL VPN and I'm finished with a detailed framework design. I
>> know OpenVPN has released OpenVPN Connect for smart phones but what I
>> want to add is mobility features.
>> Meaning the VPN session survives any
>> network interruptions due to switching from one network to another,
>> thus getting new IP addresses or during lack of network coverage for
>> some time.
>>
>> My question is how big of a project is this going to be? I mean is it
>> something one person can handle or needs a team of experienced network
>> programmers?
>> Are there any books or any sort of documentation that helps
>> understand and modify the OpenVPN source code?
>>
> I am not quite sure what you are aiming at. OpenVPN does support changing IP
> addresses when both sides use --float.
>
> Arne
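
The caching module proposed in the message above, sketched as an added example; it is not part of the thread and is not OpenVPN code. It models one end of the split connection: packets are cached while the tunnel is down, the cache is bounded so a long outage cannot exhaust memory, and the session re-attaches from a new address. The class name, the session identifier and the byte limit are all assumptions.

```python
import hmac
from collections import deque

class SessionRelay:
    """One end of the proposed split connection (hypothetical sketch)."""

    def __init__(self, session_id: bytes, max_buffered_bytes: int = 64 * 1024):
        self.session_id = session_id          # stable id, independent of any IP
        self.peer_addr = None                 # current (ip, port) of the peer, None if down
        self.max_buffered_bytes = max_buffered_bytes
        self._queue = deque()                 # packets cached while the tunnel is down
        self._queued_bytes = 0
        self.delivered = []                   # stands in for writes into the tunnel

    def attach(self, session_id: bytes, peer_addr):
        """Tunnel (re)established, possibly from a new public IP: rebind and flush."""
        # Assumption: a real design authenticates the re-attach through the
        # VPN's control channel; a constant-time compare stands in for that.
        if not hmac.compare_digest(session_id, self.session_id):
            raise PermissionError("unknown session")
        self.peer_addr = peer_addr
        while self._queue:                    # flush in original order
            pkt = self._queue.popleft()
            self._queued_bytes -= len(pkt)
            self.delivered.append((peer_addr, pkt))

    def detach(self):
        """Tunnel lost; the application-side socket stays open."""
        self.peer_addr = None

    def send(self, pkt: bytes) -> bool:
        """Forward or cache a packet. False means the cache is full and the
        caller must stop reading from the application socket (back-pressure)."""
        if self.peer_addr is not None:
            self.delivered.append((self.peer_addr, pkt))
            return True
        if self._queued_bytes + len(pkt) > self.max_buffered_bytes:
            return False
        self._queue.append(pkt)
        self._queued_bytes += len(pkt)
        return True
```

Returning False instead of dropping the packet matters here: FTP runs over TCP, so the relay has to stop reading from the local socket and let TCP flow control hold the sender, rather than silently losing bytes it has already acknowledged.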