Re: Generic IPSEC vpn plugin
- From: Paul Wouters <paul xelerance com>
- To: Dan Williams <dcbw redhat com>
- Cc: networkmanager-list gnome org
- Subject: Re: Generic IPSEC vpn plugin
- Date: Fri, 24 Apr 2009 16:16:53 -0400 (EDT)
On Fri, 24 Apr 2009, Dan Williams wrote:
people want to get notifications in userland on tunnels failing, they
should configure the ipsec tunnel to use Dead Peer Detection (RFC3706)
Ok, how does that actually show up in userspace? What can we make the
NM vpn plugin daemon listen for?
You tell me. What infrastructure is there for NM? I know there is dbus,
but I don't think that channel can be secured at all. Would unauthenticated
announcements be okay? Does NM have any other listening or polling methods?
Yeah there's support for this. Basically, you have two classes of
connections: system and user. Just like OS X actually. User
connections credentials and details are stored in the user session and
do not survive fast-user-switch. System connections are stored outside
of the user session, and thus are available before login and survive a
fast user switch. So if you don't want your VPN to be avialable to
everyone, you keep it as a user connection. If you don't care, you make
it a system connection and "available to all users" as the UI
checkbutton puts it.
That's good.
Paul
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]