On Thu, 2007-04-26 at 14:49 +0200, Martin Willi wrote:
> Hi,
>
> I'm a dev of the strongSwan project (an IPsec solution,
> www.strongswan.org). I'm trying to write an interface for our IKEv2
> keying daemon to NetworkManager.
> I've chosen a somewhat different approach than the existing plugins, as
> I want to integrate the DBUS interface directly into the daemon.

Sorry for the lag...

> I've read the source and studied the existing plugins, but it's not all
> clear to me yet.
> As I've understood so far, there are two things to handle at the
> in-daemon DBUS connection:
>
> - handle startConnection(), stopConnection() methods
> - send notifications to NM (LoginFailed, IP4Config, StateChange, ...)
>
> The prototype is almost working so far. I'm currently doing the
> following:
>
> a. Set state to STOPPED (after daemon startup)
> b. Wait for StartConnection()
> c. Set state to STARTING, establish IPsec tunnel
> d. Send IP4Config signal
> e. Set state to STARTED
> f. Wait for StopConnection()
> g. Set state to STOPPING, tear down tunnel
> h. Set state to STOPPED
>
> Ok, now I have some questions:
>
> 1. Does the above look correct? Have I missed something important?

Looks more or less correct. NM handles storing the configuration that
your VPN daemon needs, and pushing that configuration (including
secrets) to your daemon.

> 2. What are signalConfigError() and signalIP4Config() methods used for?
> Are they used at all?

The VPN interface was originally designed for the mobile user use-case
for connections back to the company. That means that the VPN-provided
IP address, routing information, and nameserver information replace the
current settings. That's no longer adequate though, and we'd like to
change it to support point-to-point VPN links too.

In any case, when the vpnc plugin gets the IP address, nameservers, and
routes from the VPN concentrator, it forwards those settings to
NetworkManager so that NM can apply the IP address to the tunnel and
set up the routes and nameserver correctly in /etc/resolv.conf.

What are the normal use-cases for your VPN daemon?

> 3. It's currently unclear to me how to handle multiple connections at
> the same time. Is it possible at all to have two active connections?

It was planned but it wasn't implemented at the time. We'd like to
change that though.

Dan

> Any feedback or some pointers to docs are welcome. Thanks...
>
>
> Best regards
> Martin Willi
>
> _______________________________________________
> NetworkManager-list mailing list
> [email protected]
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
