Re: [PATCH 00/11] VPN split routing

Wed, 21 Mar 2012 00:04:45 -0700 

Hi Jeff,

On 03/21/2012 02:35 AM, Jeff Zheng wrote:

On 03/20/2012 08:33 PM, Jukka Rissanen wrote:

Hi,

following patches implement split routing for VPN. This means that
it is possible to have VPN connected but the default route points
to a non VPN service, and VPN only has specific routes defined.
The VPN routes can be either user defined or set up by VPN server.

The VPN split routing is only practical if we know the routes that
should be used by VPN service. So patch #1 adds function to add user
defined route support in provider. Patch #2 adds support for saving
and loading user defined networks. User should be able to set or
change the routes, this is enabled by patch #3.

The split routing is enabled when user moves a service before a VPN
service. Split routing for VPN can be then disabled by moving VPN
service before another (non-VPN) service. This is done by patch #5.
Split routing information for a service is saved and loaded by
patch #6.

The ordering of services needs to be modified in order to set the
gateways correctly in connection.c. This is done by patches #7
and #8. The original default route must not be removed when setting
the VPN routes if split routing is enabled, otherwise we would not
have any default route set. This is done by patches #9 and #10.


Example of setting the user routes using python script

networks = "172.16.0.0/20 2001:db8:dead:f00/64"
path = manager.ConnectProvider(({ "Type": "openvpn",
"Name": "opentest",
"Host": "192.168.2.1",
"VPN.Domain": "opendomain",
"UserNetworks" : networks,
"OpenVPN.CACert": "ca.cert",
"OpenVPN.Cert": "foobar.cert",
"OpenVPN.Key": "foobar.key"})

Hi Jukka,

Does it also support openconnect?
Sure, all the different VPN technologies are supported. The patch does not add any code to VPN plugins. 



And if I have two connections, ethernet and 3G, and setup a VPN connection
over 3G connection, does VPN split routing works on ethernet? I mean, if I
move ethernet service before VPN, will ethernet interface become default
route and VPN still works?
That will work. Only thing to remember is that either user or the VPN server needs to set the routes that are behind the VPN server, otherwise the VPN traffic could not be directed into VPN pipe. 



Bests
Jeff



Cheers,
Jukka

_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman

Reply via email to