Re: [gnome-network]Re: gnome-network VPN client

[Paul Coates <Paul Coates ncl ac uk>]

On Mon, 2003-10-27 at 11:42, Rodrigo Moya wrote:
> On Mon, 2003-10-27 at 12:29, Paul Coates wrote:
> > On Sun, 2003-10-26 at 11:46, Rodrigo Moya wrote:
> > > On Sat, 2003-10-25 at 14:24, Paul Coates wrote:
> > > > Rodrigo,
> > > > 
> > > > I was wondering if there were any plans down the road for VPN client
> > > > software in gnome-network?
> > > >
> > > we have talked somewhat about it, but nothing really clear has come out
> > > of that. But yes, I suppose we really want to have that in
> > > gnome-network.
> > > 
> > > >  I recently wrote a very simple GTK2 client
> > > > program for our users, replacing the pptp-php-gtk package at
> > > > http://pptpclient.sourceforge.net/ which uses gtk 1.x
> > > > 
> > > > I'm guessing that the need for the kernel module providing MPPE
> > > > encryption will be a problem.
> > > > 
> > > > My program is very simple as all the options are preset so our users
> > > > don't have to do any configuration themselves, but I was planning on
> > > > developing the software further to provide full functionality provided
> > > > by pptpclient. (I've got screenshots on my test web server at
> > > > http://linux.ncl.ac.uk/vpn/new.php)
> > > > 
> > > > Is this the sort of thing you would be interested in or do you have your
> > > > own plans for VPN including IPSec etc.
> > > > 
> > > yes, we want this. Although I suppose we want more than a simple client
> > > program. I am not an expert at all on VPN, so excuse me if I'm wrong,
> > > but I think what we want is some sort of integration into the login
> > > system, don't we? That is, we could have the GDM login screen allow
> > > login into the VPN directly. Or am I wrong, and just the client program
> > > is enough?
> > > 
> > > What are your thoughts on that?
> > 
> > My experience with VPN's is limited to connecting to our Microsoft VPN
> > servers using PPTP and MPPE encryption...
> > 
> > I always considered VPN to be similar to dialup, both provide a new
> > network interface with an IP address on the remote network, and you need
> > to setup your routing to play nice with the other network interfaces.
> >
> hmm, ok.
> 
> > Following that thinking the best way to to start a VPN connection is the
> > same way as a dialup connection. Yes this could be automated in some way
> > using a logon script if you have a real network connection, but what if
> > you want to switch to another VPN server or start a second VPN
> > connection to another remote network.
> > 
> right. Does all this need root access, or can any user start VPN
> connections without root access?

The script to create the connection must be run by root (it uses pppd).
I cheated a bit to make it easy for my users, the GUI can be run by
anyone which then uses sudo to run the script.

> 
> > Another problem I am having now that I've started thinking more about
> > this, do we want to limit who on a computer can use a VPN connection and
> > if so how do we do that (connection sharing). Do we allow multiple users
> > to start and modify a VPN's settings?
> > 
> hmm, this sounds a lot like ppp connection setup, which we dropped in
> favor of having it in gnome-system-tools (a more admin-like set of
> tools). If users need root access, and things work as other network
> interfaces, this sounds much better to be implemented in
> gnome-system-tools.

Hmm. I did not realise ppp stuff was going to be handled by gst and not
gnome-network. I'll have to give gst a whirl and see how much it
overlaps/can be adapted to handle VPN using pptp.

Paul

> 
> Please correct me if I'm wrong, I have never used a VPN, so I dont know
> what I'm talking about :-)
> 
> cheers
> 
> _______________________________________________
> gnome-network-list mailing list
> gnome-network-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-network-list
>