Re: more VPN thoughts

[Colin Walters <walters verbum org>]

On Fri, 2004-11-12 at 23:01 +0100, Tom Parker wrote:
> Colin Walters wrote:
> > So how do we answer that?  One approach might be to define it as
> 
> As I'm seeing it there's two different problems
> 1) You want access to services that may be not available from your 
> current location and connection (random servers in some corporate or 
> otherwise location), and if you can't get to them, then VPN or 
> equivalent should be switched on to tunnel through to where the useful 
> things are.

Right; although right now I'm just assuming all these inaccessible
servers are accessible through the same means.

> 2) You're on a limited-access wireless (wired? never seen this, but 
> theoretically possible for public "plug in a laptop" scenarios) network 
> bouncing HTTP requests to a "switch on the VPN"/"do other auth things" 
> page. Which ideally we should detect/notify without the user having to 
> realise that's why their IMAP requests aren't getting through.

Yeah, I don't have any clever ideas for this.  A lot of users will
probably end up going to a web site first anyways, or they'll read the
"How to network" instructions which will say to go to a website.

So these two things are related, but the limited-access/wifi auth
situation is just to really use the wireless at all - even after that
you need the VPN.  So, hm - we really want a way to know when we're
online so that we can start the VPN stuff.  

This situation is also related to the (somewhat pathological, I suppose)
case of the "vpnonly" wireless network here at work which only lets you
do anything at all, including access to the Internet, over the VPN.