Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)

From: Jack Spaar <jspaar users sourceforge net>
To: networkmanager-list gnome org
Subject: Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)
Date: Fri, 23 Feb 2007 23:24:29 +0000 (UTC)

On Fri, 23 Feb 2007 01:12:47 -0500, Jon Nettleton wrote:

> <clip>
> 
> So I fired up glade and threw together some code to take the vpn dialogs
> through another iteration.  I have some screenshots that can definitely
> use some critiquing.
> 
> http://www.hekanetworks.com/~jnettlet/NetworkManager/nm-openvpn-newest-main.jpg
> 
> http://www.hekanetworks.com/~jnettlet/NetworkManager/nm-openvpn-newest-advanced-network.jpg
> 
> http://www.hekanetworks.com/~jnettlet/NetworkManager/nm-openvpn-newest-advanced-encryption.jpg
> 
> 
Hi Jon and everybody,

As a VPN and NM user it makes makes me happy to see progress in the VPN
area.  These mock-ups sparked a thought about a possible feature.  It
would just rock if I could tell NM to "Always use a VPN with this
Connection".

I currently use dispatcher scripts to kluge this (including ugly stuff to
get VPN passwords from the sorta API-less gnome-keyring).  But these
mock-ups have got me thinking about how to do it "right".  I know that
ideas are way cheaper than patches, but maybe we can at least sanity-check
the concept for now.  Google Summer of Code project anyone?

So is this a even a good idea and is it a good fit for NM's goals?
Can a clean/simple UI be imagined?  This is critical.
Is it just too early for NM to be thinking about this feature?

I kind of think that Jon's patches prove that it's not too early to at
least flesh the idea out, if people are interested.

One thing I am pretty sure of is that this could only be done well by
integrating it into NM proper.  That's true both for the UI and for
under-the-hood.

On the UI side, I guess there would be a "use a VPN with this connection"
checkbox on the "Create a new wireless network" dialog, a prompt to choose
the VPN later (and make default?), and a way to change it later. I'm fuzzy
on this, and a good UI really drives the rest of the implementation.  Are
there UI bits to specify whether/how often to retry a dropped VPN, or is
that too messy for "Just Works(TM)"?

A great feature (and one my dispatcher script kluge can't do) would be to
prevent exposure to the insecure network when the VPN is not up yet or has
dropped.  To me that seems like the greatest under-the-hood challenge and
would require architectural guidance from Dan and Co.  That's just not
something to be patched up without adult supervision.

Even without a feature that ties the network's advertised connection
status to the VPN's state, it could still be useful in the same way
dispatcher scripts currently are.  It just becomes "*Start* a VPN w/ this
Connection" instead of "*Always Use* a VPN w/ this Connection".  Maybe
that's a decent first step.  The next step being "also try to keep the VPN
alive", and then finally "don't connect without the VPN."

Any thoughts on whether this is useful/appropriate/realistic ? It seems at
least the "Start a VPN automatically" is within easy reach.

Any thoughts on what would be a great UI for this?

--Jack Spaar

Follow-Ups:
- Re: Always Use VPN w/ this Connection (was Singe DES encryption should be enabled)
  - From: Dan Williams

References:
- Singe DES encryption should be enabled
  - From: =?iso-8859-1?q?Olaf=20Telsh=F6rner?=
- Re: Singe DES encryption should be enabled
  - From: Dan Williams
- Re: Singe DES encryption should be enabled
  - From: Jon Nettleton
- Re: Singe DES encryption should be enabled
  - From: Jon Nettleton

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]