An anonymous reader writes: I need some legal advice from slashdot...
In order to support OpenVPN on mobile platforms, the only decent user experience for configuration is the OpenVPN Access Server interface. The user types in the name of your server and their credentials and they're all configured. If you want the same thing with the OpenVPN community server, you'll probably want the same user experience. A simple tcpdump and analysis with wireshark shows this to be a simple XML-RPC interface. Client support can be achieved implementing just four methods. I'd love to put something together to go with the community client with its easy-rsa configuration... but I'm not sure if I'll run afoul of the DMCA.
Is this reverse engineering? Does simply looking at and decrypting a TCP stream that I have the key to and control of both devices communicating?
Is the work I've done allowed under the reverse engineering clause of the DMCA? If I understand correctly, it is allowed so long as I have not agreed to a EULA that says I won't reverse engineer. The OpenVPN AS server software only asks me to agree to the eula after I run ovpn-init, to which I type "no". Yet the server still starts up without runing ovpn-init.
I think I'm in the clear on this, but I've not yet decided if I want to risk potential legal hassle. So, if nothing else, hopefully this will help anyone else who wants to implement a compatible client or server.
What do you think?