[ipxe-devel] openvpn integration in ipxe?

Michael Brown mbrown at fensystems.co.uk
Sun Mar 25 00:39:38 UTC 2012

On Monday 19 Mar 2012 11:38:23 Oliver Rath wrote:
> hI Michael!
> > I would expect that the existing iPXE crypto code is probably smaller
> > than the equivalent functionality in openvpn.  Your best bet would be to
> > implement the VPN protocols within iPXE (using the existing crypto
> > support), or to simply wrap iSCSI with TLS.
> I think, enabling chap in combination with TLS is a good possibility. Is
> it configurable out of the box or is some additional coding work
> necessary? How is the call for this? Something like
> sanboot iscsis:..
> or
> sanboot iscsi+tls://.. ?
> Have never seen this before.

Unfortunately there's no standard for iSCSI using TLS.  You could fairly 
easily create support for an x-iscsis:// protocol in iPXE (you wouldn't need 
more than a few lines of code; see net/tcp/https.c for an example).  At the 
server end, you could use something like stunnel.


More information about the ipxe-devel mailing list