VIMAGE and OpenVPN idea...

Poul-Henning Kamp phk at phk.freebsd.dk
Sun Sep 4 21:47:46 UTC 2011


Here is an idea for an interesting little project:

Imagine a firewall where all the external interfaces are
confined in a jail which has no IP-connectivity to the
rest of the machine.

Start OpenVPN outside the jail, have it set up a two-way pipe
and fork a child process, which attaches to the jail and performs
all public-side socket operations inside the jail, passing
only the raw encrypted packets over the pipe.

Tada:  Nothing in the jail can be hacked...

Only problem is:  OpenVPN doesn't know this trick.

But how hard could that be?

Somebody[tm] should do that...


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
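Added illustration of the split described in the post (not code from the post or from OpenVPN): a privileged parent forks a network-side child that would jail_attach(2) to an assumed jail id, and the two exchange only opaque datagrams over a socketpair standing in for the "pipe". The jail id, the sample datagrams, the SOCK_SEQPACKET pipe and the DGRAM socketpair standing in for the public UDP socket are assumptions of this example; on a non-FreeBSD host only the process split runs, not the jail.

```c
#define _DEFAULT_SOURCE                 /* POSIX/BSD declarations on glibc */
#include <poll.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/jail.h>
#endif
#define MAXDGRAM 2048
/* Network side: lives in the jail, holds only the public socket and the pipe,
 * and relays opaque ciphertext datagrams both ways.  It never holds keys or the
 * tun device.  jid is an assumed jail id; off FreeBSD only the split is shown. */
static void netside_child(int pubfd, int pipefd, int jid) {
    struct pollfd pfd[2] = { { pubfd, POLLIN, 0 }, { pipefd, POLLIN, 0 } };
    uint8_t buf[MAXDGRAM];
#ifdef __FreeBSD__
    if (jid >= 0 && jail_attach(jid) != 0) _exit(1);   /* enter the jail first */
#endif
    for (;;) {
        if (poll(pfd, 2, -1) < 0) _exit(1);
        for (int i = 0; i < 2; i++) {
            if (!(pfd[i].revents & (POLLIN | POLLHUP))) continue;
            ssize_t n = recv(pfd[i].fd, buf, sizeof buf, 0);
            if (n <= 0 || send(pfd[!i].fd, buf, (size_t)n, 0) != n) _exit(n > 0); /* peer gone: exit 0 */
        }
    }
}
/* Privileged side: fork the relay, then push one constructed datagram in each
 * direction and check it comes back unchanged.  A DGRAM socketpair stands in
 * for the public UDP socket; SEQPACKET keeps packet boundaries on the pipe. */
int relay_roundtrip(int jid) {
    static const uint8_t in[] = { 0x38, 0x7f, 0x11, 0x22, 0x00, 0xde, 0xad, 0xbe, 0xef };
    static const uint8_t back[] = { 0x40, 0x01, 0x02, 0x03 };   /* constructed bytes */
    uint8_t buf[MAXDGRAM]; int pub[2], pipefd[2], ok;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pub) || socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pipefd))
        return 0;
    pid_t pid = fork(); if (pid < 0) return 0;
    if (pid == 0) { close(pub[0]); close(pipefd[0]); netside_child(pub[1], pipefd[1], jid); }
    ok = send(pub[0], in, sizeof in, 0) == (ssize_t)sizeof in
      && recv(pipefd[0], buf, sizeof buf, 0) == (ssize_t)sizeof in && !memcmp(buf, in, sizeof in)
      && send(pipefd[0], back, sizeof back, 0) == (ssize_t)sizeof back
      && recv(pub[0], buf, sizeof buf, 0) == (ssize_t)sizeof back && !memcmp(buf, back, sizeof back);
    kill(pid, SIGTERM); waitpid(pid, NULL, 0);
    close(pub[0]); close(pub[1]); close(pipefd[0]); close(pipefd[1]);
    return ok;
}
```

Passing -1 as the jail id skips jail_attach so the relay can be exercised on any POSIX host; with a real jid on FreeBSD the child would do its socket work inside that jail.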

