Re: [Hamlib-stationserver] Notional Software "Stack" Diagram for Discussion
Library to control radio transceivers and receivers
Brought to you by:
n0nb
Menu
▾
▴
Re: [Hamlib-stationserver] Notional Software "Stack" Diagram for Discussion
|
From: Tony L. <vk...@gm...> - 2014-03-06 22:01:27
|
On 7/03/2014 2:48 AM, Art Botterell wrote: > It could. However, that gets back to an underlying requirement, the one for the ability to have multiple client connections with varying levels of privilege (read-only, read-write, admin, etc.) That varying-levels bit implies being able to verify who's who, else the distinction is pointless... much simpler just to make every connection full-privilege. I agree here. Stationserver is not intended to be multi user aware. It's for controlling a single station by a single person, so giving every connection full privilege makes perfect sense here. Multi user capabilities (validation, user auhentication, access control, etc) are best left to an optional remote base add-on. > Yes, that's why I suggested an established, state-of-the-art package like OpenVPN rather than a "roll your own" approach. It's a turnkey solution, no programming involved, and it's been refined and vetted over a number of years by actual security boffins. I'd encourage folks to learn about it, if only as another tool in the toolkit. It is a good package. I used to use it for VPNs years ago, when I had a need for a true VPN - for connecting LAN segments together, as well as individual mobile users to the LAN. The only reason I don't use it today is I have inbuilt IPSec support at both ends (router and mobile devices), and the router doesn't support OpenVPN - I'd have to install it on the one Linux netbook that runs 24x7. So I am quite familiar with OpenVPN and would highly recommend it. > > But again... and I'll say it one last time and then give up... using a VPN is about much more than just security. Well, if we decide to go the mandatory OpenVPN route, we should have the Stationserver installer (1) make sure OpenVPN is installed and functional, and (2) configure it on the server and clients so it "just works" with minimal effort. While OpenVPN is relatively easy to configure, networking tends to baffle most hams, so the more we can do for end users, the better. -- 73 de Tony VK3JED/VK3IRL http://vkradio.com |
