Hello list,
I've written initial OpenConnect VPN support into carrick (aka MeeGo
netbook networks panel) in the last days: things now work with connman
master, but there are some issues in making the user interaction as
smooth as it should be: I've had to add extra UI elements for connecting
to VPNs and also have to do additional cleanup after VPN disconnection.
I know that Samuel is going to work on some of these things soon but I'd
like to make sure I understand where we are going... So, I'm writing
down how VPNs should work from my UI client developer POV and also note
the possible solutions that have been mentioned. Please correct me
whenever I do not make sense -- I'm not too familiar with connman
internals so my "solutions" may be everything but.

1. The UI problem to solve is "How to consistently show the user the
available VPN connections". I think connman should list "available" VPN
services in the service list.
There is no problem requiring another call e.g. to create the VPN
providers or whatever the implementation requires, but including the
services in the service list at some point seems like a logical choice
to me. The VPN services should possibly only show up when there is
another "online" service already, they don't make much sense otherwise.
"Available VPN" above means a VPN connection that is configured to the
point where the user only needs to give credentials to connect: this
means connman should be able to access the configurations that are
needed for authentication and connecting.
I believe Samuel thought it would make sense to store some OpenConnect
config in connman .config files, but he wasn't as convinced that VPN
services should be listed like other services: I'm ready for any
alternative solution that allows me to present VPNs to the user in a
consistent way.
I'm not entirely sure what parts of openconnect config -- currently
stored in /system/networking/<N>/ -- should be stored by connman...
Some of the items are more client specific or user specific. David and
Samuel have a clearer picture of this I'm sure. I would appreciate
someone spelling it out for me too :).

2. The actual authentication should be done by clients
When the user wants to connect, connman should ask the client UI for an
openconnect auth-cookie (and provide the necessary config required to
fetch it). The other alternative is for connman to relay the VPN server's
challenges to the client UI that would then send the responses back via
connman... but that would be quite complex.
According to Samuel the Agent API could be used for this.

3. Configuring a new VPN connection should be possible
For carrick I'd like to implement this like "Add new connection" for
wireless connections is implemented: filling out a form would create a
VPN configuration that would then be available in the service list.

Comments and corrections appreciated,
Jussi