This was meant to be a quick and simple integration. The problem with Disconnect is the problem I mentioned below: since OpenVPN uses a nonstandard driver for the network communications, the UI will never present a Disconnect button, and so there's no way to actually call the Disconnect function in a custom dialer DLL.
If anything, you may find the plumbing for hooking into the UI as the real value of this code, and then implement something real and usable on top of it. I never considered these use cases before this discussion. -----Original Message----- From: Selva Nair <selva.n...@gmail.com> Sent: Friday, July 6, 2018 9:37 AM To: Kevin Kane <kk...@microsoft.com> Cc: Илья Шипицин <chipits...@gmail.com>; Gert Doering <g...@greenie.muc.de>; openvpn-devel <openvpn-devel@lists.sourceforge.net> Subject: Re: [Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn Hi, Thanks for the follow up. On Fri, Jul 6, 2018 at 12:03 PM, Kevin Kane via Openvpn-devel <openvpn-devel@lists.sourceforge.net> wrote: > [Combining threads.] > > > > The work on the OpenSSL fork, and figuring out just what the right > interface is to bring PQ crypto to current crypto libraries, is going to be > on-going. > PQ crypto algorithms don’t fit so well in the common conventions we’ve > become accustomed to for current algorithms. > > > > As for the dialer, I need to look into getting approval to upstream > it, but I expect I can share it. The goal of that work was to have > some real basic integration with the network connections flyout that > appears when you click its icon in the notification area. What I’ve > done is modest, though, so let me make clear what I’ve actually done. > I changed OpenVPN-GUI when it starts up to create such an entry for > each configuration file it finds, and if the user clicks “Connect” on > one of those entries, it’s exactly the same as if the user brought up > the right-click menu for OpenVPN-GUI’s icon, selected that > configuration file, and clicked Connect. The plug-in sends the exact > same Windows message to OpenVPN-GUI, which causes it to bring up its > status window and instruct the system service to establish the connection. > That’s it. > > > > So there are some caveats. 1) OpenVPN-GUI has to be running; the > plug-in will complain if it’s not. In fact OpenVPN-GUI clears out the > list when it exits cleanly. 2) If OpenVPN-GUI crashes, the entries > will be left in the list but won’t be usable for anything. I prefix > each entry with the string “OpenVPN “, though, and the next time it > runs it will clean up these entries. 3) Because OpenVPN uses > tap-windows instead of the normal Windows NDIS devices for the > networking, the flyout can’t detect whether or not the connection is active > or not, and so it will always present a “Connect” > button. OpenVPN-GUI ignores this when the connection is already alive, > so nothing bad happens, but it can be a confusing experience. I didn’t > investigate what it might take to get tap-windows to surface its > connected/disconnected state to the flyout in the correct way, nor did > I investigate if this could be used to automatically bring up > connections on demand or before login. I had looked at the dialer.c code and came to the same conclusion -- that it needs a lot more work to be usable. The dll is barebones: implements only connect (not even disconnect), communication with the GUI uses PostMessage with menu-ids (flakey and one way), the GUI is not brought to the foreground on connect, so password prompts and other popups show minimized etc. etc. It also pollutes the control panel -> Network connections with an entry for each config. As for connect before login, running the entire GUI and openvpn code as system is a no-no. Instead the dll can be extended with minimal code for starting openvpn (spawning it with minimal privileges). But in that case wont it be better to implement the Pre-Logon_access-Provider (PLAP) interface which appears to be meant for such purposes? Selva ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
