Re: Non default VPN route patch, 1.369



On Mon, 2005-05-16 at 10:11 -0400, Bill Moss wrote:
> On Mon, 16 May 2005, Tomislav Vujec wrote:
> Bill's reply:
> With vpnc-0.3.2, I stole the vpnc-connect script from Debian and used it 
> with Fedora Core. The Debian script added an additional key to vpnc.conf 
> called 'Target networks'. The functionality added is precisely what 
> Tomislav has added with his patch and the new GConf key 'routes'. I have 
> tested it and it works. The motivation for this patch is well stated by 
> Tomislav: "In case your home connection is much better than through the 
> office, you don't want your default route to go through the VPN. The 
> route I use for the office is for the subnet that holds all the critical 
> servers I use. I don't need access to the rest of the campus."
> 
> On May 14, vpnc-0.3.3 came out. I was expecting it to be backward 
> compatible with vpnc-0.3.2 as far as NM is concerned but I was wrong. 
> When I try it, vpnc fails to start but I get no error messages from NM. 
> Version 0.3.3 outputs more environment variables than 0.3.2. I put the 
> list below. When the VPN-enabled NM hits the 'streets' this may be an 
> issue for people downloading vpnc.

Ok, I think I've taken care of this in
vpn-daemons/vpnc/nm-vpnc-service-vpnc-helper.c revision 1.2.  Since the
script now gets called multiple times by vpnc, we exit without doing
anything unless "reason" environment variable is "connect".  If it is,
we proceed as normal.  It allowed vpnc 0.3.3 to successfully connect to
the VPN concentrator without exiting (though I can't pass traffic
through the VPN on the internal company network).

There's no support for vpnc-returned "split networks" at this time,
though I suppose they do the same thing as the "routes" patch that
Tomislav just sent.  Perhaps we can add that functionality a bit later
so that we have a kind of "layer" system: if no vpnc split networks and
no user-defined routes, just make tun0 the default.  Otherwise,
user-defined routes would take preference over split networks, though
that's debatable from a sysadmin perspective.  If we do honor the
vpnc-provided split networks, we may have to add lock-down on
user-defined networks if sysadmins desire it.

Dan
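The two decisions Dan describes, written out as an added example rather than the actual nm-vpnc-service-vpnc-helper.c code: act only when vpnc's "reason" is "connect", then choose between a tunnel default route, the vpnc split networks, and the user-defined "routes" entries. It is a dry run that prints the route commands instead of executing them; the split-network list is passed in as an argument on the assumption that the caller has already collected it from vpnc's environment, and "user routes win outright" is one reading of the preference Dan sketches.

```shell
#!/bin/sh
# Added illustration of the route "layer" policy from the message above.
# Arguments:
#   $1  vpnc "reason" value (the helper only configures routes on "connect")
#   $2  tunnel device name, e.g. tun0
#   $3  vpnc-provided split networks, space-separated "net/prefix" entries
#       (assumed to have been gathered from vpnc's environment by the caller)
#   $4  user-defined routes from the GConf "routes" key, same format
# Output: the ip(8) route commands that would be run, one per line.
vpn_route_plan() {
    reason=$1; dev=$2; split=$3; user=$4

    # vpnc 0.3.3 invokes the script several times; ignore every call
    # except "connect", exactly as the helper now does.
    if [ "$reason" != "connect" ]; then
        return 0
    fi

    # Layer 0: no split networks and no user routes, so the tunnel
    # becomes the default route (the pre-patch behaviour).
    if [ -z "$split" ] && [ -z "$user" ]; then
        echo "ip route replace default dev $dev"
        return 0
    fi

    # Layer 1: user-defined routes take preference over split networks.
    # Here "preference" is read as "user routes replace the split list";
    # a sysadmin lock-down would instead force $split regardless of $user.
    if [ -n "$user" ]; then
        nets=$user
    else
        nets=$split
    fi
    for net in $nets; do
        echo "ip route replace $net dev $dev"
    done
}
```

Piping the output into `sh` would apply the plan; leaving it as text makes the chosen routes easy to log and review before anything touches the routing table.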



