[Vpn-help] FW: Connection before domain login

Matthew Grooms mgrooms at shrew.net
Sun Dec 13 13:58:57 CST 2009


Greg Julius wrote:
> 
> Hi Matthew,
> I'd certainly be willing to help out in this regard.  I do some programming
> (.net stuff) and am currently writing a multi-threaded SFTP client (using
> some purchased components - I'm not THAT up on Cryptography).
> 

Did you pay for components yet? I have an SSHv2 implementation based on 
OpenSSL libcrypto that I wrote from scratch in c++ 5 or 6 years ago. I 
had meant to publish the source code somewhere but never got around to 
it. I wrote it to provide modular libraries because it was such a pain 
to integrate PuTTY code into a GUI app. It has an SFTP module that was 
way faster than the PuTTY code, but maybe they have improved theirs 
since then. There are front ends too with SSH, telnet, serial along with 
a VT1XX emulator that I wrote to replace the PuTTY console. I had a file 
manager like GUI app that supported FTP and SFTP. The only thing that I 
remember having problems with was tunneling support which probably still 
needs some work. You would probably only find the core SSH/SFTP library 
useful since all the UI stuff was written in C/Win32. Anyway, it's all 
just sitting in my local repo collecting dust ( which would need to be 
brushed off :).

> I have gotten the ipsecc command to start from the command line and am
> pretty sure I could get it to work using the srvany functionality of the
> admin kit.  The problem I saw is exactly what you mentioned.
> 
> My thoughts on that subject were "I wonder if there is a .dll that I could
> supply all the needed info to that doesn't have any UI interface at all"
> 
> The problem I noted when I started the ipsecc command was that it opened a
> small task bar icon and that's a UI element.  I would need a switch that
> said "no ui at all".  I suspected that it was also storing stuff in HKCU as
> well (I hadn't investigated yet).  The HKCU isn't really a problem because I
> can supply a userid to the service and that would place all of the HKCU
> stuff under that userid.
> 
> The second problem I thought of was how to stop things.  The service detects
> the start, stop, and shutdown commands and the service would need to
> communicate the stop and shutdown to the ipsecc command (short of just
> aborting the thread).  So, the hoped for ".dll" would need a "StartRun" and
> a "StopRun" method.
> 
> I suspect that there already exists such a .dll and so creating a service
> wrapper around it shouldn't be very difficult (my ignorance may be showing
> in that statement!).
> 

Unfortunately there is only a GUI version of VPN connect for the windows 
platform. The 2.2.x branch has a command line ikec version ( the unix 
equivalent of ipsecc ). We plan to port all GUI components to windows 
from the public source code instead of maintaining separate QT4, Windows 
and OSX front ends. Once we do, a command line version will also be 
available for windows. It may also be possible to develop custom front 
ends using a published interface library which would be useful for what 
you propose. Unfortunately, this won't happen for some time.

> Once I have a service that can read its configuration from "pick-a-place",
> and start and stop a connection, I would have enough in place to create
> something for my users that would work behind the scenes.  A small API to
> the service could be created and used by an external UI (or a Credentials
> Provider) to supply dynamic parameters (such as user ID and the like).
> 
> In any event, if you are willing, I'm willing to help craft such a service.
> 

I appreciate your willingness to pitch in. It's just not the right time 
for us at Shrew Soft to tackle this issue and we have very limited dev 
resources at the moment.

> And thanks to you for creating this software in the first place!  I find
> cryptography a bit challenging to understand and I'm sure glad to have
> something not written by the big boys!  You (and the rest of the maillist) I
> can at least talk to and get decent answers!
> 

No problem. Sorry we can't provide this feature. With any luck, we will 
be able to tackle it sometime in 2010.

-Matthew


