Re: NM 0.7 & Netscreen/Juniper VPN

[Dan Williams <dcbw redhat com>]

On Tue, 2008-10-07 at 20:52 +0200, Cyril Jaquier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi all,
> 
> I installed Ubuntu Intrepid on my laptop few weeks ago and I like NM 0.7
> a lot. Thank you for the good work.
> 
> I used to connect to a Netscreen/Juniper VPN with NM 0.6.x using the
> vpnc plugin. I submitted a patch [1] to add support for the "vendor"
> option. Dan committed it I think.

I'm not sure that I did :)  The vpnc plugin doesn't do anything with
vendor AFAIK.  There are two ways to go about this:

1) Have separate options in the VPN creation screen for each vendor that
vpnc supports

2) Have a combo box in the connection config screen for picking your
vendor

Both these options suck, and I wish vpnc could just figure it out
automatically.  In any case, I pick #1.  We simply can't keep adding
config options to the VPN UIs like that.

We need to fix up the GNOME VPN UI plugin API to allow multiple
"variants"; this should only be used in cases like vpnc where there are
significant differences between vendor implementations, enough to
warrant it looking like a completely separate VPN plugin.  (In contrast,
openvpn should NOT have different variants for each of its modes.)

So we add a new capability NM_VPN_PLUGIN_UI_CAPABILITY_VARIANTS and some
calls to get the variant names as a char**.  Then we add a 'GHashTable
*options' argument to nm_vpn_plugin_ui_interface_ui_factory() that's a
string::string mapping in which we'd pass "variant" and the variant the
user chose.

Then we add the Vendor stuff in the vpn plugin itself, which basically
just consists of translating the Variant into the appropriate vendor
key/value pair and adding that to the VPN setting's properties.  Then
the vpn service needs to let that option through verification and ensure
the values are legal.

> I tried to connect to the same VPN with NM 0.7 (Ubuntu Intrepid version
> 0.7~~svn20080928t225540-0ubuntu1) but it does not work. The first step
> of the wizard says that it is "compatible with various Cisco, Juniper,
> Netscreen, and Sonicwall IPSec-based VPN gateways". However, I think it
> is not :( There is no "vendor" option in the connection editor and after
> a quick look at the code, I did not found any references to the
> "--vendor" option used by vpnc.
> 
> Did I miss something? If I'm not, could you add support for
> Netscreen/Juniper VPN again?

I now actually have a Netscreen VPN box so I actually can test this out
too.

Dan

> I already opened a bug report for Ubuntu [2].
> 
> Thank you.
> 
> Regards,
> 
> Cyril
> 
> [1]
> http://mail.gnome.org/archives/networkmanager-list/2008-January/msg00217.html
> [2]
> https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/264443
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkjrr88ACgkQlYy8cEwUMaQCSACgjTdjV2GP2e6Tzt5AQzBRPq1f
> gBMAn3sVr5ivOtbSY4Tp2/z7rQBgV6k0
> =T7IW
> -----END PGP SIGNATURE-----
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list