Re: [PATCH] Accept VPN IPv4 configs without a tundevice

From: Martin Willi <martin strongswan org>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: [PATCH] Accept VPN IPv4 configs without a tundevice
Date: Fri, 09 Sep 2011 10:40:53 +0200

Hi Dan,

> So does the plugin still pass back the rest of the IPv4 config to NM?

Yes, but mostly to make NM happy with the VPN connection. We actually
need NM to handle DNS information only, as we don't want to compete with
it for resolv.conf.

> Basically, if the plugin will ensure that IP addressing and routes get
> set up as NM would expect them to, then we can have the plugin to pass a
> flag to NM saying that's the case, and then NM wouldn't do much (except
> DNS fixups, search domain stuff, etc) but would still advertise the
> attributes of the VPN connection such that clients could still determine
> the VPN's IPv4 config.

I think this would be the best solution. Our daemon installs the route
in a dedicated routing table to avoid any conflicts (for example if we
get a second default route over the VPN). This way it doesn't conflict
with NM routes, but just overrides them.

It would be nice if I could tell NM if the VPN plugin handles the setup
itself during config signaling, e.g.:
 - got VPN specific IP 10.0.0.7 on eth0, installed myself
 - got a route to 10.0.0.0/16 using 10.0.0.7, installed myself
 - got DNS server 10.0.1.2, please handle it for me

Does that sound reasonable?

Another solution would be to let NM install the IP and route. But it is
rather tricky (and plugin specific) to set them up correctly in the VPN
context, I won't burden that to NM.

Regards
Martin

References:
- [PATCH] Accept VPN IPv4 configs without a tundevice
  - From: Martin Willi
- Re: [PATCH] Accept VPN IPv4 configs without a tundevice
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]