[ipxe-devel] openvpn integration in ipxe?
Michael Brown
mbrown at fensystems.co.uk
Sun Mar 25 00:39:38 UTC 2012
On Monday 19 Mar 2012 11:38:23 Oliver Rath wrote:
> hI Michael!
> > I would expect that the existing iPXE crypto code is probably smaller
> > than the equivalent functionality in openvpn. Your best bet would be to
> > implement the VPN protocols within iPXE (using the existing crypto
> > support), or to simply wrap iSCSI with TLS.
>
> I think, enabling chap in combination with TLS is a good possibility. Is
> it configurable out of the box or is some additional coding work
> necessary? How is the call for this? Something like
>
> sanboot iscsis:..
> or
> sanboot iscsi+tls://.. ?
>
> Have never seen this before.
Unfortunately there's no standard for iSCSI using TLS. You could fairly
easily create support for an x-iscsis:// protocol in iPXE (you wouldn't need
more than a few lines of code; see net/tcp/https.c for an example). At the
server end, you could use something like stunnel.
Michael
More information about the ipxe-devel
mailing list