* Add a simple username/password back-end
* session resumption in main TLS
* Handle multiple clients in a single tun device (check if needed at all)
* Run a server up/down script
* Keep the TLS key and certificates into the privileged process and use IPC
  for operations (this will make the privileged process a bottleneck).