[PATCH 00/11] VPN split routing

Tue, 20 Mar 2012 05:34:29 -0700 

Hi,

following patches implement split routing for VPN. This means that
it is possible to have VPN connected but the default route points
to a non VPN service, and VPN only has specific routes defined.
The VPN routes can be either user defined or set up by VPN server.

The VPN split routing is only practical if we know the routes that
should be used by VPN service. So patch #1 adds function to add user
defined route support in provider. Patch #2 adds support for saving
and loading user defined networks. User should be able to set or
change the routes, this is enabled by patch #3.

The split routing is enabled when user moves a service before a VPN
service. Split routing for VPN can be then disabled by moving VPN
service before another (non-VPN) service. This is done by patch #5.
Split routing information for a service is saved and loaded by
patch #6.

The ordering of services needs to be modified in order to set the
gateways correctly in connection.c. This is done by patches #7
and #8. The original default route must not be removed when setting
the VPN routes if split routing is enabled, otherwise we would not
have any default route set. This is done by patches #9 and #10.


Example of setting the user routes using python script

  networks = "172.16.0.0/20 2001:db8:dead:f00/64"
  path = manager.ConnectProvider(({ "Type": "openvpn",
                                  "Name": "opentest",
                                  "Host": "192.168.2.1",
                                  "VPN.Domain": "opendomain",
                                  "UserNetworks" : networks,
                                  "OpenVPN.CACert": "ca.cert",
                                  "OpenVPN.Cert": "foobar.cert",
                                  "OpenVPN.Key": "foobar.key"}))


Cheers,
Jukka


Jukka Rissanen (11):
  provider: Add support for user defined routes
  provider: Save and load user specified routes
  provider: Allow user to set routes when creating provider
  provider: Check if there are any routes for the provider
  service: Allow user to do split routing for VPN services
  service: Save/load split routing information for VPN
  service: Add function to update the service list order
  connection: Update service list order
  service: Return service split routing status
  connection: Remove original default route only when needed
  todo: Mark split tunneling/routing done

 TODO             |   14 -----
 src/connection.c |   12 ++++-
 src/connman.h    |    5 ++
 src/provider.c   |  144 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 src/service.c    |   61 ++++++++++++++++++++---
 5 files changed, 205 insertions(+), 31 deletions(-)

-- 
1.7.5.4

_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman

Reply via email to