Re: Generic IPSEC vpn plugin

From: David Woodhouse <dwmw2 infradead org>
To: Paul Wouters <paul xelerance com>
Cc: networkmanager-list gnome org
Subject: Re: Generic IPSEC vpn plugin
Date: Sun, 19 Apr 2009 20:17:39 +0100

On Tue, 2009-04-07 at 11:23 -0400, Paul Wouters wrote:
> Openswan has a GSoC project submission for this. One of the issues is
> the architecture of NM, which focusses on user-based, and the the
> architecture of ipsec, which is host-based. This creates some issues,
> one of which is where and how to store and pass user/host credentials.

NetworkManager has all those problems anyway -- they aren't specific to
IPSec. Other VPNs, wireless and even wired connections are system-wide
things; once they're set up, any user can use them. None of it is
_really_ a per-user thing. It's a complete pain in the arse that my
wireless network doesn't come up after I reboot my laptop, for example,
until I physically walk up to it and log in. This _used_ to work in
early versions of NetworkManager, but then broke because of this
misguided per-user thing.

(I do actually want to set up VPN connectivity which doesn't tell the
kernel about itself at all, but just listens as a SOCKS server and
provides access to the VPN that way, thus giving access to the VPN
_without_ necessarily giving access to arbitrary users and untrusted
code on the box in question. But that's outside the scope of
NetworkManager discussion).

-- 
dwmw2

Follow-Ups:
- Re: Generic IPSEC vpn plugin
  - From: Dan Williams

References:
- Generic IPSEC vpn plugin
  - From: Peter Robinson
- Re: Generic IPSEC vpn plugin
  - From: Paul Wouters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]