Hi,

On Thu, May 26, 2016 at 4:40 AM, Lamsoge, Abhijit <Abhijit.Lamsoge@harman.com> wrote:

> Hi All,
>
> I am trying to write python and C based application for modifying
> “OpenVpn” in client mode via management interface.
>
> I need to do the following
>
> -          Update the remote server the vpn client connects to at runtime
>
>
>
> However, the current existing management interface works like
>
> -          First connects to existing specified.
>
> -          And only on reception of event, can the management interface
> send a new remote site to client.
>
> I want to
>
> -          Start openvpn in client mode, and then via my application tell
> openvpn to connect to a remote site, without the reception of event as
> specified in the document for management interface.
>
>
>
> Is there a way to do this?
>
> Or maybe I am just lame to not understand it.
>

As JJK wrote, --management-hold would greatly help in this case, though it is
not absolutely necessary. What you want to do would work without
management-hold, but it would be harder to figure out what state openvpn is
in when the app connects to the management interface (MI). So, start openvpn
with the necessary options including --management-query-remote and add
--management-hold to the options. Have your application connect to the MI.
The rest of the dialog could go as shown below as an example:

Text following "OVPN:" is received from openvpn, while the text following
"APP:" is what to send back. Some of the errors shown depend on options in
the config, the actual remote name used, etc.

OVPN: >INFO:OpenVPN Management Interface ..
OVPN: >HOLD:Waiting for hold release

APP: log on   (if desired)
APP: state on (will be required for the app to figure out when the connection
is established/failed, etc.)

The application goes about doing whatever tasks until ready to connect

APP: hold release
OVPN: SUCCESS: hold release succeeded
OVPN: >REMOTE:somehost,1051,udp

At this point openvpn has not even tried to connect to the remote.
Here "somehost" is the remote name in the config or command line -- it need
not be a valid server, but something must be specified.

APP: remote MOD vpn.example.com 1151

OVPN: SUCCESS: remote command succeeded
OVPN: >STATE:1464276809,RESOLVE,,,,,,
OVPN: >STATE:1464276809,RESOLVE,,,,,,
OVPN: >STATE:1464276809,RECONNECTING,init_instance,,,,,

(Note: use "log on" and parse the >LOG lines to figure out why it is
reconnecting -- name resolution failed in this case, as expected)

OpenVPN goes back to "on-hold"

OVPN: >HOLD:Waiting for hold release

APP: hold release

OVPN: SUCCESS: hold release succeeded
OVPN: >REMOTE:somehost,1051,udp

APP: remote MOD vpn.mydomain.com 1151

OVPN: SUCCESS: remote command succeeded
OVPN: >STATE:1464277194,RESOLVE,,,,,,
OVPN: >STATE:1464277194,WAIT,,,,,,
OVPN: >STATE:1464277194,AUTH,,,,,,
OVPN: >STATE:1464277195,GET_CONFIG,,,,,,
OVPN: >PASSWORD:Verification Failed: 'Auth' .....
OVPN: >STATE:1464277195,RECONNECTING,auth-failure,,,,,
OVPN: >HOLD:Waiting for hold release

APP: hold release

OVPN: SUCCESS: hold release succeeded
OVPN: >REMOTE:somehost,1051,udp

Note the remote name reverted back to what is in the config or command line

APP: signal SIGHUP
(to forget the resolved IP and start afresh)
..
..

OVPN: >HOLD:Waiting for hold release

etc..

Test using telnet to figure out various failure cases that may have to be
handled in the application.

Selva
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
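The dialog Selva walks through above, turned into a small client, as an added example that is not part of the original thread and not OpenVPN's own code. It assumes openvpn was started with --management 127.0.0.1 7505 (the port is an assumption), --management-hold and --management-query-remote; the transcript lines it replays offline are constructed from the ones quoted in the message, and the CONNECTED state line and the "state on" reply are constructed too.

```python
"""Drive the OpenVPN management interface (MI) to pick the remote at runtime.
Added example, not code from the thread or from OpenVPN. Assumes openvpn runs
with --management 127.0.0.1 7505 (assumed port), --management-hold and
--management-query-remote."""
import socket
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Outcome:
    status: str    # "connected", "auth-failure", "error" or "gave-up"
    detail: str    # state description, error text or last RECONNECTING reason
    attempts: int


class SocketTransport:
    """Line-oriented connection to a real MI socket (not used by the offline demo)."""
    def __init__(self, host: str = "127.0.0.1", port: int = 7505, timeout: float = 60.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("r", encoding="utf-8", newline="\n")

    def send(self, cmd: str) -> None:
        self.sock.sendall((cmd + "\n").encode("utf-8"))

    def readline(self) -> str:
        line = self.rfile.readline()
        if not line:
            raise EOFError("openvpn closed the management socket")
        return line.rstrip("\r\n")


class ScriptedOpenVPN:
    """Constructed stand-in for openvpn: replays unsolicited lines, then the reply
    batch scripted for each command verb, so the client logic runs offline."""
    def __init__(self, greeting: List[str], replies: Dict[str, List[List[str]]]):
        self.queue = list(greeting)
        self.replies = {v: [list(b) for b in bs] for v, bs in replies.items()}
        self.sent: List[str] = []

    def send(self, cmd: str) -> None:
        self.sent.append(cmd)
        batches = self.replies.get(cmd.split()[0], [])
        self.queue.extend(batches.pop(0) if batches else ["ERROR: unknown command"])

    def readline(self) -> str:
        if not self.queue:
            raise EOFError("scripted openvpn has nothing more to say")
        return self.queue.pop(0)


def classify(line: str) -> Tuple[str, str]:
    """'>STATE:x' -> ('STATE', 'x'); 'SUCCESS: x' -> ('SUCCESS', 'x'); 'ERROR: x' likewise."""
    if line.startswith(">") and ":" in line:
        kind, payload = line[1:].split(":", 1)
        return kind, payload
    if line.startswith(("SUCCESS:", "ERROR:")):
        kind, payload = line.split(":", 1)
        return kind, payload.strip()
    return "OTHER", line


def read_until(mi, wanted) -> Tuple[str, str]:
    """Read lines, skipping unsolicited ones (>LOG, >INFO ...), until a wanted kind arrives."""
    while True:
        kind, payload = classify(mi.readline())
        if kind in wanted:
            return kind, payload


def parse_state(payload: str) -> Tuple[str, str]:
    """>STATE payload: '<unix-time>,<name>,<description>,<local ip>,<remote ip>,...'."""
    fields = payload.split(",") + ["", "", ""]
    return fields[1], fields[2]


def select_remote(mi, host: str, port: int, max_attempts: int = 3) -> Outcome:
    """Wait for >HOLD, enable state events, release the hold, answer >REMOTE with
    'remote MOD', then follow >STATE until CONNECTED or until openvpn parks itself
    on hold again, in which case we release and retry up to max_attempts."""
    read_until(mi, {"HOLD"})                      # parked by --management-hold
    mi.send("state on")
    kind, payload = read_until(mi, {"SUCCESS", "ERROR"})
    if kind == "ERROR":
        return Outcome("error", payload, 0)
    last_reason = ""
    for attempt in range(1, max_attempts + 1):
        mi.send("hold release")
        read_until(mi, {"SUCCESS", "ERROR"})
        kind, payload = read_until(mi, {"REMOTE", "HOLD"})
        if kind != "REMOTE":                      # --management-query-remote missing?
            return Outcome("error", "no >REMOTE query after hold release", attempt)
        # payload is '<config host>,<config port>,<proto>'; override host and port
        mi.send(f"remote MOD {host} {port}")
        kind, payload = read_until(mi, {"SUCCESS", "ERROR"})
        if kind == "ERROR":
            return Outcome("error", payload, attempt)
        while True:
            kind, payload = read_until(mi, {"STATE", "PASSWORD", "HOLD"})
            if kind == "PASSWORD" and "Verification Failed" in payload:
                return Outcome("auth-failure", payload, attempt)  # retrying cannot help
            if kind == "HOLD":
                break                             # back on hold: release and try again
            name, desc = parse_state(payload)
            if name == "CONNECTED":
                return Outcome("connected", desc, attempt)
            if name == "RECONNECTING":
                last_reason = desc                # e.g. init_instance (resolve failed)
    return Outcome("gave-up", last_reason, max_attempts)


# Constructed transcripts modelled on the lines quoted in the thread.
HOLD = ">HOLD:Waiting for hold release"
GREETING = [">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info", HOLD]
HOLD_REPLY = ["SUCCESS: hold release succeeded", ">REMOTE:somehost,1051,udp"]
RESOLVE_FAIL = ["SUCCESS: remote command succeeded", ">STATE:1464276809,RESOLVE,,,,,,",
                ">STATE:1464276809,RESOLVE,,,,,,",
                ">STATE:1464276809,RECONNECTING,init_instance,,,,,", HOLD]
AUTH_FAIL = ["SUCCESS: remote command succeeded", ">STATE:1464277194,RESOLVE,,,,,,",
             ">STATE:1464277194,WAIT,,,,,,", ">STATE:1464277194,AUTH,,,,,,",
             ">STATE:1464277195,GET_CONFIG,,,,,,", ">PASSWORD:Verification Failed: 'Auth'",
             ">STATE:1464277195,RECONNECTING,auth-failure,,,,,", HOLD]
CONNECTED = ["SUCCESS: remote command succeeded", ">STATE:1464277300,RESOLVE,,,,,,",
             ">STATE:1464277300,WAIT,,,,,,", ">STATE:1464277300,AUTH,,,,,,",
             ">STATE:1464277301,GET_CONFIG,,,,,,", ">STATE:1464277301,ASSIGN_IP,,10.8.0.6,,,,",
             ">STATE:1464277301,CONNECTED,SUCCESS,10.8.0.6,203.0.113.10,1151,,"]


def demo(remote_batches: List[List[str]]) -> Tuple[Outcome, List[str]]:
    """Run select_remote against the scripted openvpn; return the outcome and commands sent."""
    fake = ScriptedOpenVPN(GREETING, {
        "state": [["SUCCESS: real-time state notification set to ON"]],
        "hold": [HOLD_REPLY] * 3,
        "remote": remote_batches,
    })
    return select_remote(fake, "vpn.example.com", 1151), fake.sent


if __name__ == "__main__":
    print(demo([RESOLVE_FAIL, AUTH_FAIL])[0])   # resolve failure, retry, then auth failure
    print(demo([CONNECTED])[0])                  # connected on the first attempt
```

Against a live openvpn, replace the scripted object with SocketTransport and keep the same select_remote call. Whoever can reach the MI can point the tunnel at any host with exactly this "remote MOD" command, so bind it to 127.0.0.1 or a unix socket and use the pw-file argument of --management rather than exposing it on a reachable interface.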
