About 2008-03-04 17:05 -0500, Joe Kemp voiced:
I want to try to use stunnel as a "simple" client vpn. It solves all of my encryption issues but I would like to verify a username/password before it lets the traffic through. I didn't see any patches or hacks out there that did this. Has this been attempted before or am I on my own. I would also be interested in other solutions based on openssl that are not network device level VPNs clients.
You want to use X509 certificate verification. It's the way authentication is done in the SSL world. It's built into Stunnel.
You may also want to look at tappipe, which is Michal's VPN-over-Stunnel package. I use it very successfully for a few of my connections.
Already using client side certificates and I know that is the normal SSL authentication mechanism....
Then why don't you want to use them? ;-)