Re: VPN connection with no device or address

[Dan Williams <dcbw redhat com>]

On Sun, 2013-05-26 at 00:19 +1000, Dan Fruehauf wrote:
> G'day,
>
> Maintaining the NetworkManager-ssh module I've got recently an inquiry by
> someone who wants to just use NetworkManager-ssh for port binding. While
> NetworkManager-ssh supports port binding by custom command line arguments I
> still couldn't figure out whether NetworkManager will support device-less,
> address-less VPN types.

Nope, it doesn't.  That's something we'd  like to change though, by
making VPNs more generic and calling the NM pieces "tunnel" or something
like that.  The current VPN code mostly depends on a network device, and
it certainly depends on getting an IPv4 or IPv6 address.

> Looks like in nm-vpn-plugin.c, at nm_vpn_plugin_set_config there is
> something looking for either ip4 or ip6 configuration. But what if I want
> to supply none?
>
> Yes I know, this is definitely not a VPN, if all you go for is port binding
> and not full communications. Perhaps another elegant solution can come in
> handy. What I could do (and would) is use
> NM_VPN_PLUGIN_IP6_CONFIG_NEVER_DEFAULT and
> NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, which will not disrupt normal
> communications should the user chooses not to.
>
> I truly believe that after multiple simultaneous VPNs will be implemented
> (and also before, just with one VPN), many people would be happy to use
> multiple port bindings simultaneously using SSH. It's a really handy thing
> after all and NetworkManager-ssh already supports this.

We need more generic tunnel functionality before we can support this.
I'd like to start discussion around this, for example how the D-Bus API
should look for them, and what kind of tunnels/use-cases we should
support, whether they should be supported natively or through plugins,
what that plugin API should look like, etc.

Dan