[Vpn-help] FW: Connection before domain login
Matthew Grooms
mgrooms at shrew.net
Sun Dec 13 13:58:57 CST 2009
Greg Julius wrote:
>
> Hi Matthew,
> I'd certainly be willing to help out in this regard. I do some programming
> (.net stuff) and am currently writing a multi-threaded SFTP client (using
> some purchased components - I'm not THAT up on Cryptography).
>
Did you pay for components yet? I have an SSHv2 implementation based on
OpenSSL libcrypto that I wrote from scratch in C++ 5 or 6 years ago. I
had meant to publish the source code somewhere but never got around to
it. I wrote it to provide modular libraries because it was such a pain
to integrate PuTTY code into a GUI app. It has an SFTP module that was
way faster than the PuTTY code, but maybe they have improved theirs
since then. There are front ends too with SSH, telnet, serial along with
a VT1XX emulator that I wrote to replace the PuTTY console. I had a file
manager like GUI app that supported FTP and SFTP. The only thing that I
remember having problems with was tunneling support which probably still
needs some work. You would probably only find the core SSH/SFTP library
useful since all the UI stuff was written in C/Win32. Anyway, it's all
just sitting in my local repo collecting dust (which would need to be
brushed off :).
> I have gotten the ipsecc command to start from the command line and am
> pretty sure I could get it to work using the srvany functionality of the
> admin kit. The problem I saw is exactly what you mentioned.
>
> My thoughts on that subject were "I wonder if there is a .dll that I could
> supply all the needed info to that doesn't have any UI interface at all"
>
> The problem I noted when I started the ipsecc command was that it opened a
> small task bar icon and that's a UI element. I would need a switch that
> said "no ui at all". I suspected that it was also storing stuff in HKCU as
> well (I hadn't investigated yet). The HKCU isn't really a problem because I
> can supply a userid to the service and that would place all of the HKCU
> stuff under that userid.
>
> The second problem I thought of was how to stop things. The service detects
> the start, stop, and shutdown commands and the service would need to
> communicate the stop and shutdown to the ipsecc command (short of just
> aborting the thread). So, the hoped for ".dll" would need a "StartRun" and
> a "StopRun" method.
>
> I suspect that there already exists such a .dll and so creating a service
> wrapper around it shouldn't be very difficult (my ignorance may be showing
> in that statement!).
>
Unfortunately there is only a GUI version of VPN connect for the Windows
platform. The 2.2.x branch has a command line ikec version (the Unix
equivalent of ipsecc). We plan to port all GUI components to Windows
from the public source code instead of maintaining separate QT4, Windows
and OSX front ends. Once we do, a command line version will also be
available for Windows. It may also be possible to develop custom front
ends using a published interface library which would be useful for what
you propose. Unfortunately, this won't happen for some time.
> Once I have a service that can read its configuration from "pick-a-place",
> and start and stop a connection, I would have enough in place to create
> something for my users that would work behind the scenes. A small API to
> the service could be created and used by an external UI (or a Credentials
> Provider) to supply dynamic parameters (such as user ID and the like).
>
> In any event, if you are willing, I'm willing to help craft such a service.
>
I appreciate your willingness to pitch in. It's just not the right time
for us at Shrew Soft to tackle this issue and we have very limited dev
resources at the moment.
> And thanks to you for creating this software in the first place! I find
> cryptography a bit challenging to understand and I'm sure glad to have
> something not written by the big boys! You (and the rest of the maillist) I
> can at least talk to and get decent answers!
>
No problem. Sorry we can't provide this feature. With any luck, we will
be able to tackle it sometime in 2010.
-Matthew