Re: vpnc and determining correct routes

[Dan Williams <dcbw redhat com>]

On Tue, 2006-10-24 at 10:58 -0400, Derek Atkins wrote:
> Dan Williams <dcbw redhat com> writes:
> 
> > I've added a dict-based VPN config interface to 0.7/HEAD, which is what
> > should be used here.  The vpnc plugin hasn't been converted over yet,
> > but it will need to be for this to work.  We then simply add a new dict
> > entry with a standard name, say "vpn_routes", which is a dbus array of
> > ipv4 addresses formatted as dbus_uint32_t.
> 
> How is a dbus_uint32_t sufficient to encode a route?  You need at
> least 40 bits to encode a route (32-bit IP/ 6-bit #bits).  Or if you
> prefer a full IP + Mask then you need 64 bits.  It depends on whether
> you want to encode it as A.B.C.D/N or A.B.C.D/E.F.G.H.  In either
> case, a 32-bit number isn't sufficient.

Yeah, sorry, we'll need a few more bits here.  The current code (which I
just looked) just uses strings for the moment.

> 
> >> details in vpnc's code and we already have an interface for those
> >> variables, but I don't really want to add a dbus interface to vpnc which
> >> has not seen a new update for more than  12 months.
> 
> Which is unfortunate -- I wish vpnc would export more of the VPN
> configuration.  I couldn't even figure out how to get NM to call VPNC
> in such a way to actually dump the full configuration debug info to
> syslog!  Either that or the nm-vpnc-service is eating the vpnc debug
> output..  :(

stdout/stderr should be directed to syslog.  In actuality, the vpnc's
stdout/stderr are redirected to nm-vpnc-service's stdout/stderr, which
in turn are redirected to NM's stdout/stderr, which is syslog.

If you want to get the full config,
replace /usr/bin/nm-vpnc-service-helper with a script that dumps the
environment to a file, then calls the actual nm-vpnc-service-helper with
the same command line and environment.

dan

> 
> -derek
>