Re: VPN plugins and IP/DHCP configuration

On Thu, 2017-12-28 at 15:00 +0100, Manuel Schölling wrote:

I am currently developing a wireguard VPN plugin [1] for
I am wondering how the device configuration works for VPN devices.

You can get the IP settings using
nm_connection_get_setting_ip4_config(). It is the VPN plugin's job to
apply these settings, right?
What I do not get, yet, is why does the plugin report these settings
back to NM using nm_vpn_service_plugin_set_ip4_config()?
NM already knows these settings - or is it just to confirm back to NM
what settings were really applied?

And how does it work for DHCP? Does NM start an DHCP client daemon
the device that was created or is it the plugin's job to run a DHCP



Hi Manuel,

AFAIK, none of the existing NM VPN plugins do DHCP on the link
themself. Although that would be of course useful, for example with a
openvpn+tap interface.

I think re-implementing DHCP client functionality inside the VPN plugin
would be a bad solution, because of the duplication of work.

A better solution would be to extend the VPN API so that NM can do DHCP
on such links. That is however quite some work (patches welcome ;-) ).

I tend to think that VPN plugins are not as great as they should be.
There are some advantages of having a plugin compared a native device-
type in NetworkManager itself, but there are also downsides. Especially
it adds complexity and code duplication. Moreover, the plugin API may
be too limited/restricted, and it is a lot of effort to get simple
things done.
I personally, would not add a VPN plugin but a native device type in
NetworkManager itself. For example like MACSec:
Of course, this is not very helpful for you. Sorry for that.


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]