Re: NM and IETF MIF working group

On Mon, 2015-09-28 at 22:29 +0200, Stjepan Groš wrote:
On 28.09.2015 11:48, David Woodhouse wrote:
On Mon, 2015-09-07 at 12:05 +0200, Stjepan Groš wrote:
Two colleagues of mine and I started to work on MIF implementation on
Fedora. In case someone doesn't know, IETF MIF working group ( tries to solve the
problems of a single node having multiple parallel connections to
different destinations (Internet, VPN, some private networks, etc.).
Please ensure you take proxies into account.

If my local DHCP server handed me a proxy PAC file, and if I connect
a split-tunnel VPN which *also* provides a proxy PAC file, I expect
that requests I make to to the company VPN (within its domain names
IP ranges) to use one proxy configuration, while requests to the
Internet at large should use my local proxy.

If I understand it correctly, PAC information received from DHCP is send
by NM via DBus, but otherwise not used in any way? So, it is necessary
to use some tool like proxydriver
( that will modify system
settings based on this info?

Yes, NM gets the information from DHCP and exposes it on D-Bus but does
not make any further use of it.  That's up to whatever proxy
implementation you have that wants to process PAC files, at least at
this point.  I think that's the point of libproxy/pacrunner though,
where apps need to say "how must I access"; and the
proxy library consults the list of methods to get there, and returns an
answer like "you must use this proxy" or "just go there directly".  Apps
do need to be smarter here.

Right. The plan  (which is mostly in my head for now) is that NM and
PacRunner cooperate so that apps can just query PacRunner "what proxy for
this URL" and get the right answer for VPN, non-VPN resources.

Once they'll actually be getting the *right* answer, then we can push (and
introduce distribution packaging guidelines) to fix the apps. They can
query PacRunner directly or use libproxy.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]