Hi!

I'm working on a project that will require that I set up many nodes (raspberry pies, at the moment) to connect to a VPN (I'm thinking of using openvpn). In order to try to minimize my work while still keeping things to using a plain user and not a root account to set up each node, I ended up asking myself something like: Is there an openvpn wrapper available for a given language (say python) that could connect to the openvpn server and be available to create sockets (which would not be kernel-based sockets nor routing nor anything but completely process based).

Something like https://github.com/0xa/pyopenvpn, perhaps??? But it hasn't had any work in the last 2 years and it only supports UDP.

Thanks in advance.

From my understanding network-manager will work. It has a command line interface and it runs as a service, allowing you to run openvpn as a service. I have no idea what the sockets thing is all about. Normally the client opens a socket to the server, which opens a socket in and a socket out for each client.

Openvpn normally uses udp only, but it can use tcp.

What I'm talking about is, say, a process-based encapsulation layer for openvpn that could open up objects with a socket-like interface (that would use the openvpn encapsulation in order to send traffic to the other side of the openvpn connection) that therefore would not require to modify host's configuration files which would, normally, require root access because a plain user shouldn't be able to run openvpn under normal conditions (not considering the changes that are introduced at the networking layer on the host by the setup of an openvpn connection).

I think I could write wrapper scripts for openvpn that could then be configured with sudo so that plain users could call them and that could take care of the details.... then a python script could take care of controlling this openvpn processes. Perhaps I shouldn't try to go that "elegant" and stick with the simpler solution.