Re: Generic IPSEC vpn plugin



On Fri, 24 Apr 2009, Dan Williams wrote:

people want to get notifications in userland on tunnels failing, they
should configure the ipsec tunnel to use Dead Peer Detection (RFC3706)

Ok, how does that actually show up in userspace?  What can we make the
NM vpn plugin daemon listen for?

You tell me. What infrastructure is there for NM? I know there is dbus,
but I don't think that channel can be secured at all. Would unauthenticated
announcements be okay? Does NM have any other listening or polling methods?

Yeah there's support for this.  Basically, you have two classes of
connections: system and user.  Just like OS X actually.  User
connections' credentials and details are stored in the user session and
do not survive fast-user-switch.  System connections are stored outside
of the user session, and thus are available before login and survive a
fast user switch.  So if you don't want your VPN to be available to
everyone, you keep it as a user connection.  If you don't care, you make
it a system connection and "available to all users" as the UI
checkbutton puts it.

That's good.

Paul

