Things to do for vpn-udp $Id: TODO,v 1.2 2001/08/30 18:31:41 chris Exp $ * Replay detection In principle an attacker could spoof things using a replay attack. We should maintain a buffer of checksums of recent packets, so that such attacks can be detected and ignored. * Wrapper program It would be useful to have a wrapper program which allowed VPNs to be started without having root on both ends of the link. It's possible that sudo can be used for this; however, some means for making the start/stop scripts trusted is required. I think that the best possibility here is a tiny setuid-root C wrapper around startvpn which can be invoked remotely and verifies the program's arguments. * Log output of commands When we run things to start/stop the network, we should log their standard output and standard error, so that these don't get lost.