Re: is there anyone here who understands the vpn implementation

[Daniel Wagner <wagi monom org>]

Hi Thomas,

On Wed, Nov 03, 2010 at 10:01:27AM -0700, Thomas Bushnell, BSG wrote:
> I've asked a few questions and gotten deafening silence. I'm not a bozo, and
> I was hoping for slightly more.
> 
> Is there anyone here who understands the VPN plugin implementation in
> network manager?

I have looked into the way NM handles this. If I got it right it works
like this: For each type of VPN implementation (e.g. openvpn) there
exists a helper daemon which exports an D-Bus interface. The helper
VPN daemon is spawnding the real VPN deamon. In the case of OpenVPN it
will start the daemon with few general arguments (e.g. client mode
etc) and a script argument ('--up') which will be called when OpenVPN
changes state (e.g. gets connected). The script called by OpenVPN is a
callback function into the VPN helper daemon which results into an
D-Bus message to NM.

> Is it necessary for a VPN plugin to allow network manager to manage the
> routing and tunneling once the VPN is setup, or is it ok if the VPN plugin
> does that itself?

OpenVPN is started with --route-noexec and --ifconfig-noexec which
means the OpenVPN is not change anything concerning routing or IP
configuration.

> What is the mechanism by which the VPN plugin should communicate to network
> manager that the connection is live? nm_vpn_plugin_set_state (...,
> NM_VPN_SERVICE_STATE_STARTED) does not work, and the vpnc plugin doesn't
> even do that much, yet of course it works.

Haven't looked at that part.

HTH,
daniel