From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] CRL updater: Update script for OpenVPNs CRL
Date: Wed, 14 Feb 2018 15:09:22 +0100 [thread overview]
Message-ID: <1518617362.3543.51.camel@ipfire.org> (raw)
In-Reply-To: <308F9A2C-5BD2-4DAB-AF11-FE5EC375E232@gmx.com>
[-- Attachment #1: Type: text/plain, Size: 2279 bytes --]
Hi Michael,
Am Dienstag, den 13.02.2018, 16:21 +0200 schrieb Horace Michael:
> Hi Erik,
>
> On February 13, 2018 12:00:12 PM GMT+02:00, ummeegge <ummeegge(a)ipfire
> .org> wrote:
> >
> > Hi Michael,
> >
> > Am Dienstag, den 13.02.2018, 08:07 +0200 schrieb Horace Michael:
> > >
> > >
> > > Please consider to add auth-nocache also in order to get rid of
> > > the
> > > warnings for caching credentials.
> > just to bear in mind, if we set auth-nocache and a user/password
> > authentication has been configured manually by the user (IPFire do
> > not
> > provides this currently), there is the need to authenticate again
> > after
> > a session key has been expired.
> If an IPFire user manually changed the standard configuration of
> OpenVPN and add passwd authentication then he/she should assume also
> the impact - entering the credentials on key renewing or changing the
> config and removal of --auth-nocache directive.
>
The removal is kind of unpractical if we hardcode --auth-nocache it can
be indeed manually deleted in ovpnmain.cgi but it won´t be consistent
for coming updates.
If someone uses user/pwd auth via manual configuration it might be
easier for the first to add also --auth-nocache into the local configs
if wanted ? In some cases this might be also a problem e.g. for every
kind of automation (such as larger backups e.g.) whereby processes will
be stopped if no user interaction is made.
In my opinion there should be a checkbox for this available but this
kind of contradicts also the current usability for keeping it as easy
as possible even this option is for an default IPFire configuration
useless.
But this are only my two cents on this topic, if this is wanted from
the core developer side this should be made very quickly but i would
do/discuss this in an own topic but also after we have finished the
OpenVPN-2.4 update.
There is also the need to think about a lowered --script-security level
(from 3 to 2) which matches also this topic i think and also some other
possible (and already fixed) warnings --> https://bugzilla.ipfire.org/s
how_bug.cgi?id=11364 like e.g. the MTU warning which should also be
thinking about but also better tested...
Nevertheless it might be nice if you stay tuned in this topic.
Greetings,
Erik
next prev parent reply other threads:[~2018-02-14 14:09 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-30 16:38 [PATCH] OpenVPN: Update to version 2.4.4 Erik Kapfer
2018-01-30 20:00 ` Michael Tremer
2018-02-02 6:34 ` [PATCH] CRL updater: Update script for OpenVPN CRL Erik Kapfer
2018-02-02 10:51 ` Michael Tremer
2018-02-02 19:19 ` ummeegge
2018-02-03 20:20 ` ummeegge
2018-02-06 0:44 ` Michael Tremer
2018-02-06 9:24 ` ummeegge
2018-02-06 16:34 ` Michael Tremer
2018-02-06 20:09 ` [PATCH v2] CRL updater: Update script for OpenVPNs CRL Erik Kapfer
2018-02-06 21:45 ` Michael Tremer
2018-02-07 17:31 ` Erik Kapfer
2018-02-11 22:25 ` Michael Tremer
2018-02-13 6:02 ` ummeegge
2018-02-13 6:07 ` Horace Michael
2018-02-13 10:00 ` ummeegge
2018-02-13 14:21 ` Horace Michael
2018-02-14 14:09 ` ummeegge [this message]
2018-02-13 13:13 ` ummeegge
2018-02-14 12:22 ` Michael Tremer
2018-02-14 13:24 ` ummeegge
2018-02-14 20:27 ` Michael Tremer
2018-02-15 6:18 ` ummeegge
2018-02-15 11:05 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1518617362.3543.51.camel@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox