Re: [Openvpn-devel] OpenVPN Interactive Service Branding

Mon, 30 Oct 2017 08:07:24 -0700 

Hi,

On Mon, Oct 30, 2017 at 4:41 AM, Simon Rozman <si...@rozman.si> wrote:

> Hi Selva,
>
> We are considering distributing a local copy of OpenVPN with eduVPN Client:
> - To provide better app isolation;
> - To allow eduVPN to manage and update own OpenVPN copy.


This is fine, but I would like to see eduVPN usable as a GUI for the
official distribution as well (see below):


>
> The problem is one cannot run two openvpnserv.exe services at the same
> time, because the service control named pipe is hard-coded to
> "\\.\pipe\openvpn\service".
>
> While reviewing the openvpnserv.exe source code, I noticed on the other
> hand, that registry key is configurable as 
> "HKEY_LOCAL_MACHINE\SOFTWARE\<PACKAGE_NAME>".
> Analogous to that, I have created a patch https://github.com/Amebis/
> openvpn/commit/103f07e54f8c672e1fa220ef197d26692c5d1300 to support
> "<PACKAGE_NAME>" configuration of named pipes as well.
>

Instead of a pipe name set at compile-time, I think its better to make this
customizable by the installer. That is,
we could take service name from an optional registry entry so that it may
be renamed by the installation package.

That way eduVPN's GUI will remain compatible with official service if a
user wishes to use it as a replacement for OpenVPN-GUI


> Along with https://github.com/Amebis/openvpn/commit/
> 082e0c0de2d79ac61cae33128d8b35b392fba664 and


The hard coded admin group name is only a default to fall back on, when no
entry is found in the registry. Just set the desired name in registry while
installing the package.

https://github.com/Amebis/openvpn/commit/9084c4822b83ed77b7bedf938acb3d
> 0dd8c3b382 patches to make OpenVPN Administrators group and OpenVPN
> firewall rule names configurable as well.


The firewall rules are always added to the same sublayer by all instances
of openvpn. And this has to remain so to avoid conflicts between rules
added by multiple instances. A name change will only affect error messages.
If that is the aim, why pick only the firewall code?

Selva

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to