Re: NM with VPN using multiple authentication modes

[Dan Williams <dcbw redhat com>]

On Mon, 2005-10-03 at 20:46 +0530, Ramu wrote:
> Hi list,
> 
> Was perusing the latest HEAD for integrating a VPN service with NM,
> Noticed that as of now, there is just a provision of spawning one
> auth-dialog for getting authentication credentials. 
> 
> But has the list explored the possibilities of having different modes of
> authentication while connecting to a VPN gateway (For instance
> authenticating with cisco using certificate mode and/or by using Group
> authentication) ? 
> 
> In that case one may require to have provision to provide multiple
> auth-dialog boxes in nm-<vpnname>-service.name and to spawn an
> appropriate auth-dialog depending on the authentication method chosen.
> 
> Any thoughts?

This sounds useful and necessary...  We knew that vpnc only does a
subset of the stuff that VPNs need to do.  So we expect to grow out
support for additional capabilities as time goes on, and we really do
need at least one more VPN connector implemented to get an idea of what
else is needed.  If you come up with things that the current VPN
connector support falls short on, that's a good thing :)

There's also issues in NetworkManager itself, since we kind of assume a
tunnel device and the operations surrounding that.  I think OpenSWAN
uses a different mechanism (in-kernel IPSec packet generation or
something?) which would require changes to NM vpn setup code as well.

But we expected that.  So please tell us where stuff needs to get
modified to support whichever VPN client you're attempting to integrate.

I'd like to get David Z. in on this too, so I'll make sure he replies.

Dan