Hi, Thanks for the follow up.
On Fri, Jul 6, 2018 at 12:03 PM, Kevin Kane via Openvpn-devel <openvpn-devel@lists.sourceforge.net> wrote: > [Combining threads.] > > > > The work on the OpenSSL fork, and figuring out just what the right interface > is to bring PQ crypto to current crypto libraries, is going to be on-going. > PQ crypto algorithms don’t fit so well in the common conventions we’ve > become accustomed to for current algorithms. > > > > As for the dialer, I need to look into getting approval to upstream it, but > I expect I can share it. The goal of that work was to have some real basic > integration with the network connections flyout that appears when you click > its icon in the notification area. What I’ve done is modest, though, so let > me make clear what I’ve actually done. I changed OpenVPN-GUI when it starts > up to create such an entry for each configuration file it finds, and if the > user clicks “Connect” on one of those entries, it’s exactly the same as if > the user brought up the right-click menu for OpenVPN-GUI’s icon, selected > that configuration file, and clicked Connect. The plug-in sends the exact > same Windows message to OpenVPN-GUI, which causes it to bring up its status > window and instruct the system service to establish the connection. That’s > it. > > > > So there are some caveats. 1) OpenVPN-GUI has to be running; the plug-in > will complain if it’s not. In fact OpenVPN-GUI clears out the list when it > exits cleanly. 2) If OpenVPN-GUI crashes, the entries will be left in the > list but won’t be usable for anything. I prefix each entry with the string > “OpenVPN “, though, and the next time it runs it will clean up these > entries. 3) Because OpenVPN uses tap-windows instead of the normal Windows > NDIS devices for the networking, the flyout can’t detect whether or not the > connection is active or not, and so it will always present a “Connect” > button. OpenVPN-GUI ignores this when the connection is already alive, so > nothing bad happens, but it can be a confusing experience. I didn’t > investigate what it might take to get tap-windows to surface its > connected/disconnected state to the flyout in the correct way, nor did I > investigate if this could be used to automatically bring up connections on > demand or before login. I had looked at the dialer.c code and came to the same conclusion -- that it needs a lot more work to be usable. The dll is barebones: implements only connect (not even disconnect), communication with the GUI uses PostMessage with menu-ids (flakey and one way), the GUI is not brought to the foreground on connect, so password prompts and other popups show minimized etc. etc. It also pollutes the control panel -> Network connections with an entry for each config. As for connect before login, running the entire GUI and openvpn code as system is a no-no. Instead the dll can be extended with minimal code for starting openvpn (spawning it with minimal privileges). But in that case wont it be better to implement the Pre-Logon_access-Provider (PLAP) interface which appears to be meant for such purposes? Selva ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
