Re: is there anyone here who understands the vpn implementation



On Thu, Nov 4, 2010 at 4:52 AM, Daniel Wagner <wagi monom org> wrote:
Hi Thomas,

On Wed, Nov 03, 2010 at 10:01:27AM -0700, Thomas Bushnell, BSG wrote:
> I've asked a few questions and gotten deafening silence. I'm not a bozo, and
> I was hoping for slightly more.
>
> Is there anyone here who understands the VPN plugin implementation in
> network manager?

I have looked into the way NM handles this. If I got it right it works
like this: For each type of VPN implementation (e.g. openvpn) there
exists a helper daemon which exports a D-Bus interface. The helper
VPN daemon spawns the real VPN daemon. In the case of OpenVPN it
will start the daemon with a few general arguments (e.g. client mode
etc) and a script argument ('--up') which will be called when OpenVPN
changes state (e.g. gets connected). The script called by OpenVPN is a
callback function into the VPN helper daemon which results in a
D-Bus message to NM.

In the case of the vpn client I'm interfacing with, I don't have the option of passing such a script argument. I discovered that you can't send the ip4 config message before you reply to the connect message, because the reply of the connect message starts the timer to wait for the ip4 config message. That's a bug in network manager; the timer on the ip4 config message should not terminate the connection unless it hasn't happened at all; instead, it only shuts it down if it happens after the connect completes.

To avoid this, I simply inserted a one-second sleep after returning the connect message, and then I send the ip4 config message.

I'm faking the parameters; I'm telling it that it's always tun0, which I think my vpn client I'm stuck with will do, and I also need to give it the local address on the tun0 device, which I am giving what it seems to usually give, and I believe nm does nothing with this address.

> Is it necessary for a VPN plugin to allow network manager to manage the
> routing and tunneling once the VPN is setup, or is it ok if the VPN plugin
> does that itself?

OpenVPN is started with --route-noexec and --ifconfig-noexec which
means that OpenVPN does not change anything concerning routing or IP
configuration.

I don't have the option of doing that in this case. :(

Thomas
 


