-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jul 07, 2015 at 07:55:26AM -0400, James P. Wallen wrote:
[...] > Hi, Tomas! Thanks for your reply. I wish I cold've been more helpful, but hey, you're welcome. > No, my issue has nothing to do with corporate firewalls [...] > Network-manager, as you're aware, has plugins for various types of > VPN software. It's easy to use, but it just seems to be awfully > large and, occasionally, a little trouble-prone compared to wicd. This was my impression too. Since I tend for "simple", I try to avoid NM altogether. > I could generally just use /etc/network/interfaces and associated > stuff, but was looking for a fiddle-free way to make my connections > when I'm moving around while still enabling me to use OpenVPN. Understood. > [...] I want to see if I can figure out how to use > OpenVPN from the CLI or via script using a certificate and password > to connect to my favorite VPN out on the Internet. I see. Again, that's what I'm doing with socat: on the server there's a socat process running as server (duh ;) -- which unwraps the SSL layer and feeds its thing to the ssh server; on the client, a socat opens a local port and I connect my ssh client (courtesy of .ssh/config magic) to that: the socat wraps it in SSL and connects to the server: voilà -- a VPN. To the outside world it looks like any HTTPS connection. Since I have my own certificates, I (hope!) would notice any attempt at MITM. What turned me away from OpenVPN was that it wanted to be a service started at boot time, with all that; besides it wants to do magic to the routing tables and so on. A tad too heavyweight for my taste. But of course, it does many things automagically you'd otherwise have to script. Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlWb0sAACgkQBcgs9XrR2ka8ZQCfYg3FXZuOGyx/szTt/D92peSf S5wAn2nl4T511FKgVWiex+BfW590ISeJ =npSQ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150707132312.ga24...@tuxteam.de
