Re: vpnc and determining correct routes



Dan Williams wrote:
> Correct, it doesn't care about the environment variables that vpnc
> pushes out for split routing yet.
And this is the problem for me. I don't know how these variables could be
obtained by vpnc plugin in an elegant manner. Maybe I missed some
details in vpnc's code and we already have an interface for those
variables, but I don't really want to add a dbus interface to vpnc which
has not seen a new update for more than 12 months.

> Not a ton of work, you just need to know where to put the code.  I'd be
> happy to point people in the right direction.
I think I already know (roughly) where to put the code and I think I
could work on it. Sorry if this was not clear from my first mail, but my
intention was to ask about the possibility of doing it, not to let others do it ;-)

In case we find a solution for getting the required information by vpnc,
here are the issues I see:
- DNS. Linux's resolver (at least for my Ubuntu distro) only allows 3
DNS servers. How should split DNS be handled if the VPN's DNS server
provides domain names for hosts in the VPN but not for hosts in the
Internet and the ISP's DNS does not provide domain names for hosts in
the VPN?
- How much flexibility should the user be given? Or in other words, how
far should NM compensate for incompetent network admins? I would say
that a simple override for *all* of vpnc's routes would be sufficient.
This would mean that the UI stays as it is and that someone can either
use the routes the concentrator provides or specify his own routes. For
users who know what they do, this is as much flexibility as they may
need, for users who don't know, it won't help one way or the other without
the admin helping them, and in this case the admin might fix his network
setup right away.

If everything is sorted out and I still have the time, I'll try to write
the required patches. It doesn't seem to be too much code for me, as
long as I don't have to hack up vpnc itself to provide a new interface.

Regards,
Thomas



