Re: nm-openvpn: add a custom option field?

On Sun, 2008-10-19 at 20:54 +0200, Christoph Höger wrote:
> Hello,
> I've just closed 
> because the option that was asked for depends on another option that
> does not exist upstream. Having a look at openvpns manpage shows a lot

Because we only support client mode, not --tls-server.  Even though
openvpn is peer-to-peer, one still has to be the "server" for purposes
of the TLS handshake.  Admins probably should not let all their clients
be the TLS server for the handshake.

> of those "you can only use when..." options. I would argue that its
> impossible to bring them all into buttons and sliders. So there will

It is.  OpenVPN is the definition of completely flexible, and utter
unusable all at the same time.  There will always be some options that
the NM OpenVPN client does _not_ support, and I'm fine with that.  5 or
10% of people aren't going to be able to use the NM OpenVPN client
because their admin decided to use some option that we couldn't possibly
cram in to the GUI.  And that's fine.

> still be some people that cannot use their openvpn connection with
> nm-openvpn. Also importing openvpn files (I saw that feature on some
> roadmap) will never work completely. 
> My idea of a solution would be to add a textbox into which users can put
> custom options in pure text, add that field to the config and send
> attach it to the end of openvpn startup parameters.

No, we should not have a "custom" options entry for _any_ VPN client UI.
If it's important enough then we should add it to the GUI after debating
exactly _how_ to add that to the GUI.  If you have a finite set of
options available, you can actually _test_ that set of options and
ensure it works well for everyone, and then responsibly add in the
features that a significant portion of your userbase requests, based on
careful consideration of the tradeoffs.

Every option we add makes the end product less usable.  We must be
thoughtful and responsible.


