Re: Static and dynamic wired interface

Dan Williams wrote:
On Wed, 2008-09-10 at 12:01 +0300, Kristian Slavov wrote:

Is NM capable of handling the following scenario?
A laptop, when located at office, has a static address. Once outside, DHCP is used to get an address.

NM 0.7 is, but since you're mixing the two there will be some manual
operation on your side since there's not a good generic way to
autodetect what network you're on when you plug in the cable.

You'll create two wired connections in the connection editor.  One is a
DHCP connection with 'autoconnect=true', and the second is the static
connection with 'autoconnect=false'.  Manual intervention will be
required when you want to use the static connection at the office.

What should happen is this:

1) When you're outside the office, the DHCP connection will
automatically be used because it's 'autoconnect=true'.  If there isn't a
DHCP server present, NM will fail the connection and wait for you to do
something, or for a link change event.

2) At the office, NM would try DHCP first and then fail the connection
after the DHCP timeout because of course there's no DHCP server.  At any
point here you then choose the static connection from the applet menu,
and NM will activate the static connection at your command.

Unfortunately the office network has also a DHCP server.

People have tossed around ideas like ARPing a known gateway's IP address
and matching the ARP response to a known MAC address and then activating
that connection, but that's pretty fragile and trivial to maliciously

This is the kind of functionality that I currently have with some custom made scripts. I understand the issues, but so far consider the risks quite negligible. I'm 99.9% sure I can differentiate when I'm at office and when not. So in my case an arping based insecure network detection with a pop-up saying "Connected to X", would be sufficient.

However, I do realize that the whole point of the NM is to be as simple (and automatic) as possible for ordinary people. If people start trusting this too much, problems will surely arise.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]