Hello.

On Mon, 2006-10-23 at 09:43, Dan Williams wrote:
> On Mon, 2006-10-23 at 15:01 +0200, Stefan Schmidt wrote:
>
> Right; there's a proliferation of options here. We have a few
> situations:
>
> - Admins route all traffic through VPN, user wishes to override (vpnc
> plugin already handles this case)

Perhaps a problem with network policy, but the user can override this at the command line anyway. Should be fine.

> - Admins push split networks, but user wishes to override one or more

Just so I don't get you wrong: the split-net routing is not working without manually setting routes yet, right? As this is what Thomas was talking about.

> What's needed here is an extension of the current routing preferences.
> We likely need two lists, one for "route only these netblocks over the
> VPN explicitly" and a second for "never route these netblocks over the
> VPN".
>
> The next problem is split DNS; do people care about that? Ideally we
> only query the VPN nameservers for names in a certain domain (passed
> vpnc as CISCO_DEF_DOMAIN). Sometimes though, admins don't push the
> default domain and you have to manually fill it in for a split network
> setup. But that requires using named as a local caching nameserver,
> which people, for some inconceivable reason, are very vocally against.
> So right now all DNS queries go over the VPN.
>
> So basically, we have to modify the user interface to:
>
> - Add a "Never route these over VPN" entry
> - Add an "Override default domain name" entry
> - Modify the vpnc service daemon to push split networks to NM

Same as above. The vpnc-plugin doesn't know the pushed routes yet, right? Sorry to bother you about this again and again, but I like to make sure I understand it right.

> - Make NM do split DNS if requested
>
> This stuff won't get into 0.6.4, but I'd certainly accept patches for
> 0.7/HEAD. If I could find time to work on it in between dbus-ifying
> wpa_supplicant, the new config framework, and multiple active devices,
> I'd take a look at it :)

That sounds like a lot of work. Is the original author of the vpnc-plugin still working on it? Sorry, did not check the cvs for a long time.

regards
Stefan Schmidt
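The two route lists and the split-DNS choice discussed in this thread, as an added sketch that is not NetworkManager or vpnc-plugin code. The function names, the precedence rule (most specific netblock wins, ties go to the never-list) and all sample addresses and domains are assumptions made for illustration.

```python
import ipaddress

def _best_prefix(addr, nets):
    """Longest matching prefix length in nets, or -1 when nothing matches."""
    hits = [n.prefixlen for n in map(ipaddress.ip_network, nets)
            if n.version == addr.version and addr in n]
    return max(hits, default=-1)

def route_over_vpn(dest, only_nets, never_nets):
    """True if dest should use the tunnel.

    Assumed precedence (not from the thread): the most specific matching
    netblock wins and a tie goes to the never-list. An empty only-list
    means "route everything over the VPN", the non-split case.
    """
    addr = ipaddress.ip_address(dest)
    inc = _best_prefix(addr, only_nets)
    exc = _best_prefix(addr, never_nets)
    if exc >= 0 and exc >= inc:
        return False
    return inc >= 0 if only_nets else True

def pick_nameserver(name, pushed_domain, vpn_ns, local_ns,
                    override_domain=None, split_dns=True):
    """Choose the resolver for one query.

    pushed_domain stands for the value vpnc passes as CISCO_DEF_DOMAIN;
    override_domain models the "Override default domain name" entry for
    gateways that push no default domain.
    """
    if not split_dns:
        return vpn_ns  # behaviour described in the thread: all DNS over VPN
    domain = (override_domain or pushed_domain or "").strip(".").lower()
    qname = name.rstrip(".").lower()
    # Match on a label boundary so "evilcorp.example" is not treated as
    # being inside "corp.example".
    if domain and (qname == domain or qname.endswith("." + domain)):
        return vpn_ns
    return local_ns

if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    only, never = ["10.0.0.0/8"], ["10.1.0.0/16"]
    for ip in ("10.2.0.1", "10.1.2.3", "192.0.2.7"):
        print(ip, "-> vpn" if route_over_vpn(ip, only, never) else "-> direct")
    print(pick_nameserver("wiki.corp.example", None, "10.0.0.53",
                          "192.168.1.1", override_domain="corp.example"))
```

With split DNS requested and neither a pushed nor an overridden domain, every query goes to the local resolver, which is the case the "Override default domain name" entry is meant to cover.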