[openstack-dev] [Neutron] SSL VPN Implementation

Zang MingJie zealot0630 at gmail.com
Tue Apr 29 06:02:40 UTC 2014


Hi all:

Currently I'm working on SSL VPN, based on patchsets by Nachi[1] and Rajesh[2].

There are security issues pointed out by Mark: SSL private keys are
stored in plain text in the database and in the config files of
vpn-agents. As Barbican is incubated, we can store certs and their
private keys in Barbican. But after checking the OpenVPN
configurations, I don't think there is any way to prevent storing the
private key in OpenVPN config files without modifying the OpenVPN
implementation.

I have also made several changes: added an optional port field to
the sslvpn-connection table, integrated with the service plugin framework
(I'll follow the service flavor framework when it is ready), and completed
the neutronclient part. It is already developed in our testing
environment; I'll upload my patch sooner or later.

[1] https://review.openstack.org/#/c/58897/
[2] https://review.openstack.org/#/c/70274/


