Re: VPN architecture
- From: Dan Williams <dcbw redhat com>
- To: Colin Walters <walters verbum org>
- Cc: networkmanager-list gnome org
- Subject: Re: VPN architecture
- Date: Sun, 7 Nov 2004 20:46:25 -0500 (EST)
On Sun, 7 Nov 2004, Colin Walters wrote:
> So to implement this, I'm thinking that we define a new service,
> org.freedesktop.NetworkManagerVPN. NetworkManager would then
> talk to this service (probably implemented as a separate daemon)
> when networking parameters change. The VPN daemon would then
> invoke methods on NetworkManager, like:
> void org.freedesktop.NetworkManager.VPNActive(in string name)
> void org.freedesktop.NetworkManager.VPNInactive(in string name)
> void org.freedesktop.NetworkManager.AddRouteIPv4(in string netmask,
>                                                   in string gateway,
>                                                   in string device)
> void org.freedesktop.NetworkManager.AddNameserverIPv4(in string quad)
> void org.freedesktop.NetworkManager.AddNameserverIPv4Routed(in string quad, in string netmask)
I actually really like this idea, though you could argue in some way that
a VPN _is_ a network connection. However, to keep the logic simpler, it
would suffice to have VPN-specific stuff in a separate daemon, and we
could refine the interface between the two so they have what they need.
> To really implement this well though, NetworkManager will have to start
> driving things at a lower level. For example, instead of simply exec'ing
> dhclient, NetworkManager should speak DHCP itself (as a separate process though
> still), and e.g. gather a list of returned nameservers itself, then
> add the VPN ones to it and synthesize /etc/resolv.conf. Also,
This is something I've thought about for a while; I'm thinking that it
might end up being necessary to take over dhclient and Make It Our Bitch.
It's under a 3-clause (non-advertising) BSD-type license, not sure how that
works with GPL code, though NetworkManager is doing the calling here.
> to implement AddNameserverIPv4Routed, NM will really have to run its own
> caching nameserver.
This was the suggestion of Jason VasDias, instead of restarting nscd all
the time. Using the caching-nameserver package (which integrates with
dhclient in some ways) would work better, in his opinion, than nscd does.
Dan
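
Added example, not part of the original message and not NetworkManager code: a sketch of the resolv.conf synthesis step discussed above, where nameservers learned from DHCP are merged with ones supplied by a VPN daemon. The function names, the VPN-first ordering and the sample addresses are assumptions made for illustration; the strict parsing is there because the quads arrive as strings from another process and are written into a root-owned file.

```python
import ipaddress
import os
import tempfile

MAXNS = 3  # glibc's resolver honours only the first three nameserver lines


def parse_quad(text):
    """Return the canonical dotted quad, or raise ValueError.

    Strict parsing rejects hostnames, whitespace and embedded newlines, so a
    caller cannot append extra directives to the generated file.
    """
    return str(ipaddress.IPv4Address(text))


def merge_nameservers(dhcp, vpn):
    """VPN servers first (assumed policy), then DHCP ones, de-duplicated."""
    merged = []
    for quad in list(vpn) + list(dhcp):
        addr = parse_quad(quad)
        if addr not in merged:
            merged.append(addr)
    return merged


def synthesize_resolv_conf(dhcp, vpn):
    """Return (file text, servers dropped because of the MAXNS limit)."""
    servers = merge_nameservers(dhcp, vpn)
    lines = ["# generated file (constructed example)"]
    lines += ["nameserver " + s for s in servers[:MAXNS]]
    return "\n".join(lines) + "\n", servers[MAXNS:]


def write_atomically(path, text):
    """Write to a temp file in the same directory, then rename over path,
    so a resolver never reads a half-written file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

With two DHCP servers and two VPN servers, one DHCP server falls past the three-entry limit, which is the case a caching nameserver would avoid.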