On Sun, 1 Oct 2006, Golam Mortuza Hossain wrote:
> On 10/1/06, Matthew Saltzman <[EMAIL PROTECTED]> wrote:
>> On Sun, 1 Oct 2006, Dan Williams wrote:
>>
>> > On Fri, 2006-09-29 at 00:17 -0400, Golam Mortuza Hossain wrote:
>
>> >>
>> >> Would it be possible to have an association for a given VPN connection
>> >> with a given SSID? So if defined by user, nm would also auto-connect to
>> >> VPN after connecting to the given SSID.
>> >
>> > Good point. We had considered auto-connecting VPN in the early stages
>> > of NM but that got dropped for various reasons. It's now time to
>> > revisit that. Your suggestion sounds spot-on. But let's generalize
>> > that to associating a VPN connection with an NM Configuration (ie, a
>> > collection of settings describing a specific network connection). I'd
>> > probably want to use a VPN over Bluetooth to my phone which connects to
>> > Sprint using PPP, if just to access my Red Hat email from the middle of
>> > Wisconsin, for example.
>> >
>> > Meanwhile, if we really wanted this soon, we could make NM reconnect the
>> > VPN automatically when the connection drops, but not if you explicitly
>> > disabled it. Somewhat harder than it looks because connection drops
>> > aren't always distinguishable from other circumstances, but certainly
>> > doable.
>>
>> Unless I miss something, there are a couple of very different use cases
>> here: (1) I'm on my own campus and wireless connections to the campus net
>> must be made through a VPN because WEP is deemed insecure. (2) I'm away
>> from my own campus (possibly anywhere) and must connect to the campus net
>> via VPN to reach firewalled resources.
>>
>> For the former case, configuring VPN connect-on-start is a reasonable
>> solution, and it's known that if VPN-on-start is set then VPN-on-reconnect
>> is the right thing to do.
>>
>> For the latter case, one really wants some sort of automatic
>> reconnect-in-last-state. I connect to lots of WAPs, but I only use my VPN
>> if I need to get to university-internal stuff behind the firewall. If I
>> were connected via VPN and the connection dropped, I'd want to
>> re-establish the VPN connection automatically, but I don't want to set it
>> to start or not per access point. (Some people may want that feature and
>> that's fine, but I'd leave VPN off by default on all my connections for
>> which case 1 doesn't apply.)
>> How would it work to say this: If the last state when connected was VPN
>> up and you reconnect to the same SSID within some time period (order of a
>> few minutes, maybe settable), then restart the VPN on reconnection.
>
> Hi Matthew,
>
> OK! I see your point. In fact, I go through the same situation
> everyday :-) I think, what Dan has suggested i.e.
>
> "associating a VPN connection with an NM Configuration (ie, a
> collection of settings describing a specific network connection)."
>
> can take care of this also. I mean for APs within campus
> (case 1), one should set
>
> "vpn::connection=always-on".
>
> Otherwise (case 2), as you suggested, the default setting should be
>
> "vpn::connection=on
> if (connecting-to-last-active-ap AND last-state-had-active-vpn)".
>
> Note, there is no need to check for any time period. Because,
> above conditions give identical situation compared to the
> situation when there were no drop in wireless connection.
>
> I mean, if there were no drop in connection then you would normally
> (1) connect to VPN; (2) access your campus-stuffs;
> (3) disconnect vpn. With above condition for "vpn::connection",
> you would have exactly same situation irrespective of whether there
> were any drop in wireless connections or not.
This seems reasonable to me. Or you could keep the last state for each
connection and delete the connecting-to-last-active-ap. Then the other
clause would be last-state-for-this-ap-had-active-vpn. So if I
drop a connection, connect to another SSID, and then come back, I get
whatever state I left the first one in.
>
> Cheers,
> Golam
>
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
