Re: Implementing a VPN plugin



On Sat, 2017-12-09 at 20:31 +0100, Manuel Schölling wrote:
Hi,

I am currently implementing a WireGuard [1] VPN plugin for
NetworkManager in Rust.

I personally think that WireGuard should be handled natively, not as
VPN plugin. That of course doesn't preclude to have a VPN plugin, as
there is a stable plugin API. Thanks for working on that!!

My plugin can already setup a network device, but right now I am
working on giving feedback to NetworkManager.

If I understand the code correctly, my program has to call
nm_vpn_service_plugin_set_ip4_config() and pass a "a{sv}" dict to
tell
NetworkManager about the configuration. If NetworkManager validates
the
data, it will show the connection as "up".

But what data needs to be passed in the dict? Is
NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS and NM_VPN_PLUGIN_IP4_CONFIG_PREFIX
enough? And what data type should these values be?
Right now NetworkManager does not like the data I am passing and give
a
message like "invalid IP4 config received".

There is also the nm_vpn_service_plugin_set_config() function. Has
this
function to be called, too? And what arguments does it need?

And btw, is it ok if I call nm_vpn_service_plugin_set{_ipv4}_config(0
right from my program or I have to call it via the DBus instead?

nm_vpn_service_plugin_*() is part of libnm's public API, which VPN
plugins may use to implement a plugin. If this doesn't simplify your
work, then you don't need to use it. But of course, all VPN plugins
actually make use of libnm, so, it's probably a good idea.

For example, NM-openvpn doesn't call set_ip4_config() directly.
Instead, their helper script calls [1] the SetIp4Config D-Bus method of
/usr/libexec/nm-openvpn-service. The latter ends up being handled by
NMVpnServicePlugin [2], which then forwards the signal to NM [3]. And
NM handles it in [4]

[1] 
https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service-openvpn-helper.c?id=40e522aea2146ec20e0232545aa574664184be39#n114
[2] 
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/libnm/nm-vpn-service-plugin.c?id=7044febf97debaf04b7f9ca4fbb2dc24fcf1b0b0#n876
[3] 
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/libnm/nm-vpn-service-plugin.c?id=7044febf97debaf04b7f9ca4fbb2dc24fcf1b0b0#n345
[4] 
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/vpn/nm-vpn-connection.c?id=7044febf97debaf04b7f9ca4fbb2dc24fcf1b0b0#n2072


yes, you need to send there something valid.


best,
Thomas

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]