[vpn-devel] password protection for "VPN Site Configuration"

Peter Sonntag peter.sonntag at googlemail.com
Wed Jul 13 04:50:55 CDT 2011


Hi all,

maybe there is a solution to my problem already but I failed to find
it. If so, please instruct me how to solve it and forgive me!

Regarding the VPN-Client on Windows, I have found that it is mandatory
to enter a PSK into the site settings when saving a PSK-required site.

Since the site data is stored in the Windows registry, I would
consider this as a major security lack e.g. when a laptop is stolen.
You can even export the settings and copy it all over (right out of
the registry!).

When you have no access to the VPN server settings in order to switch
to a different authentication kind, the only way to prevent the site
from being connected would be to communicate a request to change the
password on the VPN server which will definitely include a delay in
most cases.

There is no way (yet) to store the site data (or install the entire
client) into an encrypted volume either, since the site data including
the PSK are stored in the Windows registry.

For future versions I would like to suggest to either extend each site
with username/password protection within the "VPN Site Configuration"
or make the PSK not mandatory and ask for it in an extra step before
starting to connect if left empty. Better: Ask for UFQDN-String and
PSK before starting to connect.

I hope there is a way around this already, otherwise I hope this can
be implemented into an upcoming version of the VPN Client which is
working beautifully with all VPN-connections I use!

Would be happy to hear from you,

thanks and best regards

Peter


