Dan Williams wrote:
On Wed, 2008-09-10 at 12:01 +0300, Kristian Slavov wrote:Hi, Is NM capable of handling the following scenario?A laptop, when located at office, has a static address. Once outside, DHCP is used to get an address.NM 0.7 is, but since you're mixing the two there will be some manual operation on your side since there's not a good generic way to autodetect what network you're on when you plug in the cable. You'll create two wired connections in the connection editor. One is a DHCP connection with 'autoconnect=true', and the second is the static connection with 'autoconnect=false'. Manual intervention will be required when you want to use the static connection at the office. What should happen is this: 1) When you're outside the office, the DHCP connection will automatically be used because it's 'autoconnect=true'. If there isn't a DHCP server present, NM will fail the connection and wait for you to do something, or for a link change event. 2) At the office, NM would try DHCP first and then fail the connection after the DHCP timeout because of course there's no DHCP server. At any point here you then choose the static connection from the applet menu, and NM will activate the static connection at your command.
Unfortunately the office network has also a DHCP server.
People have tossed around ideas like ARPing a known gateway's IP address and matching the ARP response to a known MAC address and then activating that connection, but that's pretty fragile and trivial to maliciously spoof.
This is the kind of functionality that I currently have with some custom made scripts. I understand the issues, but so far consider the risks quite negligible. I'm 99.9% sure I can differentiate when I'm at office and when not. So in my case an arping based insecure network detection with a pop-up saying "Connected to X", would be sufficient.
However, I do realize that the whole point of the NM is to be as simple (and automatic) as possible for ordinary people. If people start trusting this too much, problems will surely arise.
KS
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature