[Standards-JIG] vpn on-demand

Oleg Motienko motienko at gmail.com
Fri Apr 7 20:06:57 UTC 2006


As you know, there is a beautiful and simple VPN implementation called
OpenVPN. It can work over a tcp or udp connection and can do tunneling
of routed ip (tun interfaces) and even ethernet traffic (tap
interfaces). It works via NAT and HTTPS proxy too.

I have an idea to make a JEP for dynamic VPN configuration, such as
OpenVPN or another one (like pppd+ssl etc). So, jabber users can set up
a peer-to-peer VPN on demand.

For example, two clients want to set up a temporary OpenVPN channel with
a static key (see OpenVPN manual):

I suppose an algorithm like this:
1) Initial requests (selecting OpenVPN parameters such as client or
server, NAT or proxy mode, tun or tap mode etc).
2) Server generates a temporary "static ssl key" for this session and
sends it to the client via xmpp.
3) Server starts to listen for an incoming connection.
4) Client starts an OpenVPN connection to the server.

Your opinions?
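
The four steps proposed above, sketched as an added example that is not part of the original post and not code from OpenVPN or any JEP: it allowlists the negotiated parameters before they reach a config file, generates a per-session static key, and renders the configuration for each peer. The parameter dictionary keys, the tunnel addresses 10.8.0.1/10.8.0.2 and the file name static.key are assumptions, and the XMPP transport itself is left out.

```python
import ipaddress
import secrets

TUNNEL_IPS = ("10.8.0.1", "10.8.0.2")   # assumed point-to-point tunnel addresses
KEY_FILE = "static.key"                  # assumed local file name, never peer-supplied

def generate_static_key() -> str:
    """Step 2: a fresh 2048-bit key in OpenVPN's 'Static key V1' text layout."""
    raw = secrets.token_bytes(256).hex()
    body = [raw[i:i + 32] for i in range(0, len(raw), 32)]
    return "\n".join(["-----BEGIN OpenVPN Static key V1-----", *body,
                      "-----END OpenVPN Static key V1-----"]) + "\n"

def validate(params: dict) -> dict:
    """Step 1: allowlist every peer-supplied value before it reaches a config."""
    if params.get("dev") not in ("tun", "tap"):
        raise ValueError("dev must be tun or tap")
    if params.get("proto") not in ("udp", "tcp"):
        raise ValueError("proto must be udp or tcp")
    port = int(params["port"])            # raises ValueError on non-numeric text
    if not 1024 <= port <= 65535:
        raise ValueError("port out of range")
    # IPv4Address rejects hostnames, whitespace and embedded newlines
    host = ipaddress.IPv4Address(params["server_addr"])
    return {"dev": params["dev"], "proto": params["proto"],
            "port": port, "server_addr": str(host)}

def render_configs(params: dict) -> tuple:
    """Steps 3 and 4: config text for the listening peer and the connecting peer."""
    p = validate(params)
    srv_ip, cli_ip = TUNNEL_IPS
    if p["dev"] == "tun":                 # tun: ifconfig <local> <remote>
        srv_if, cli_if = f"{srv_ip} {cli_ip}", f"{cli_ip} {srv_ip}"
    else:                                 # tap: ifconfig <local> <netmask>
        srv_if, cli_if = f"{srv_ip} 255.255.255.0", f"{cli_ip} 255.255.255.0"
    srv_proto = "tcp-server" if p["proto"] == "tcp" else "udp"
    cli_proto = "tcp-client" if p["proto"] == "tcp" else "udp"
    server = (f"dev {p['dev']}\nproto {srv_proto}\nport {p['port']}\n"
              f"ifconfig {srv_if}\nsecret {KEY_FILE}\n")
    client = (f"remote {p['server_addr']} {p['port']}\ndev {p['dev']}\n"
              f"proto {cli_proto}\nifconfig {cli_if}\nsecret {KEY_FILE}\n")
    return server, client
```

The key travels over the XMPP session in step 2, so anyone who can read that stream can decrypt the tunnel; the key is only as confidential as the channel that carries it.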


