Always-On, Shutdown Protection, Certificate Deployment...

Business solution to host your own OpenVPN server with web management interface and bundled clients.

Post by tech_soul7 » Mon Oct 26, 2020 10:24 pm

Hi folks,

I am sorry if all or some of this has already been mentioned before, but I didn't manage to find it (except Autologin, which is on the top at the moment :) ). So, I work as a network engineer and have been working only with the major commercial vendors like Cisco, Palo Alto and Fortinet. Now, I am looking for a solution to support a project I have been assigned to, but it looks like we will have to re-think again, since OpenVPN lacks some important features we would have to implement for the client.

Always-On - it would be great to add support for the always-on option. Always-On options such as pre-logon (device) tunnel, user (after logon) tunnel... are a must for a company that wants to enforce its security policy all the time.

Shutdown Protection - this is a logical addition to the aforementioned feature. It would be great to have an option which would prevent a user from shutting down the application without some kind of authorization check (e.g. authorization code, password, etc.). If the user is able to quit the application, you cannot enforce the security policy all the time.

Certificate Deployment - option to deploy server and/or client certificates to the end device. This is a great feature in cases where you don't have an internal PKI infrastructure, or have an external user connecting, and want to use certificates for authentication. It would also make things like SSL Decryption easier, since you would be able to deploy a certificate for the inspection (yes, there are cases where you want to do this and they are completely legitimate). Palo Alto has this functionality implemented through its portal pretty nicely.

Push Client Configuration - for cases where you want to push client configuration to different groups of users. After authentication, based on the user group membership, or some other attribute retrieved from the authentication server, the client would download the .ovpn file dynamically.

So, I am not trying to reinvent the wheel, just listing some of the standard features incorporated into the leading commercial products I have been working with. Too bad that such options are missing from the otherwise great product, I believe.

Hope to see at least some of these features implemented in some future releases.

Keep doing the great work.


Re: Always-On, Shutdown Protection, Certificate Deployment...

Post by sliddjur » Mon Nov 09, 2020 1:28 pm

I agree with everything you said.
