Re: VPN Suggestion



On Sat, 2009-09-19 at 15:26 -0400, John Mahoney wrote:
> 
> 
> On Sat, Sep 19, 2009 at 3:01 PM, Trey Nolen <support internetpro net>
> wrote:
>         
>         > > One suggestion for VPN settings is to have non-company IP
>         traffic not route
>         > > on the VPN by default.
>         > >
>         > > To accomplish this now you have to go to the IPv4 routes
>         page which is
>         > > buried 3 layers deep and select.
>         > > "Use this connection only for resources on its network"
>         > >
>         > > I would suggest moving this to the VPN connection page and
>         rename it
>         > > something like.
>         > > "Use this connection for resources on other networks"
>         default to unchecked
>         
>         >
>         > I might have this backwards but I disagree, this setting
>         overwrites
>         > whatever the server sends you so the default should be to
>         respect what
>         > the server sends.   If someone wants that setting for all
>         their users
>         > let them set it on the server.  Otherwise it will cause
>         support issues
>         > for people when some clients do not act as they are expected
>         to act.
>         > _______________________________________________
>         
>         
>         I agree with the first post. In almost every instance, I have
>         to drill
>         down and check the "Use this connection only for resources on
>         its
>         network" selection.  Windows acts like NM does by default, and
>         you have
>         to  remove "Use default gateway on remote network".  If NM
>         wants to stay
>         in line with what Windows is doing, that's fine, but I would
>         respectfully ask that the option at least be put on the main
>         config
>         screen to reduce the number of clicks.
>         
>         Trey Nolen
>         
>         _______________________________________________
>         NetworkManager-list mailing list
>         NetworkManager-list gnome org
>         http://mail.gnome.org/mailman/listinfo/networkmanager-list
> 
> The button is more generic than just VPN stuff.  Without looking at
> the code it appears to be an attribute of the routes tab and the
> routes tab is an attribute of any connection with ipv4 settings.
> 
> My recommendation would be to put the ipv4 tab first(from left to
> right) in the list and maybe move the two ignore routes check box out
> of the routes tab and place them directly in the ipv4 settings tab.
> My layout is based on Ubuntu 9.04 Gnome.

That's not an unreasonable suggestion, to put the IPv4 & 6 pages first.
I'll take a patch to do that.

I'll also make the "security" argument for VPNs: if everything is routed
through the VPN, you are more secure.  If stuff is not, your password to
say IRC or whatever is in the clear in your coffee shop.  You may not
realize that.  Those of us who know what that setting does are quite
capable of finding it.  Your system administrator can also set it up for
you if you're in a managed environment.  This is one case where we
default to "more secure", which in the case of VPNs is likely the
appropriate thing to do.

Dan


> I feel these settings are very important because most people I know
> that *give up* on NM do so because they do not know these settings
> exist and get annoyed by the magic route mangling Nm does when new
> devices come and go.
> 
> --
> John 
> 
> 
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]