OpenVPN ctl

Role model

There are three roles involved in OpenVPN operations:

  1. OpenVPN server administrator
  2. Client machine administrator
  3. End user, who uses the VPN connection

Typically two of these roles are performed by one physical person. Either the user does maintenance tasks for his laptop himself, or a corporate sysadmin looks after both the VPN server and the user's laptop.

But conceptually all three roles are different.

End User

Really, all this stuff exists only so that the end user can do his work from a remote location. So we need to design the system to require minimum hassle on his side.

The user, even if he is not the system administrator of his laptop, has considerable power over the computer. He can turn it off and on, move it from place to place, insert USB devices (including modems and network adapters), connect to Wi-Fi networks and plug the Ethernet cable in and out.

So he should have enough power over the VPN connection to accommodate all these configuration changes. At the least, he should be able to connect and disconnect any of the connections at will.

The user doesn't necessarily have technical knowledge. So he doesn't want to read all the log messages when things are going smoothly. But if something breaks, he wants to be able to ask the right questions of a knowledgeable person.

So the logs should be accessible to him.

It is a hard question whether the user should go into such obscure matters as proxy configuration. But allowing the user to configure a proxy is probably the only way to give VPN access to, say, a manager working from the client's office.

Computer administrator

This is the person who manages software on the client computer. He probably wants to prevent the user from accidentally messing up a carefully crafted configuration (even if he is the same person as the user). He doesn't like to do the same job twice. So if for some reason (such as a certificate rollover or a server name change) the network administrator provides new configuration files, he wants to just drop the new file in place of the old one, without needing to edit it to incorporate local configuration.

If the user comes to him with a problem report, he wants to have full information about the incident and not rely on the user's words. So we probably need a "Send report to system administrator" button, which would include log messages, information collected from the system configuration (such as current network settings) and the user's remarks.

Network administrator

He has a lot of users, with lots of different OSes, mobile and fully functional. So he does not want to bother himself with the details of a particular system. He just gives out a config which would work with Windows OpenVPN, and expects that the user (or computer administrator) knows what to do with it.