[ipxe-devel] openvpn integration in ipxe?

Michael Brown mbrown at fensystems.co.uk
Mon Mar 19 11:07:46 GMT 2012


On Monday 19 Mar 2012 08:39:47 Oliver Rath wrote:
> after a while playing with this fine ipxe thing Ive got the idea, that
> it should be possible to boot over the evil internet ;-) via iscsi, too.
> Now, the security of iscsi-targets is not the very best (man in the
> middle attack of chap-authentifikation etc.).
> 
> On the other side i know, that the space of ipxe is very limited. The
> openvpn project is well established and small in code. What about an
> integration of this in ipxe? I dont know so much about enhancing ipxe,
> Im just happy to be able to script it :-), but if this would be
> possible, I could create a save channel to an iscsi target over the net :-)
> 
> What is the estimation about this idea? Are there smaller
> implementations than openvpn?

I would expect that the existing iPXE crypto code is probably smaller than the 
equivalent functionality in openvpn.  Your best bet would be to implement the 
VPN protocols within iPXE (using the existing crypto support), or to simply 
wrap iSCSI with TLS.

Michael


More information about the ipxe-devel mailing list