On Wed, 2008-05-14 at 11:46 -0400, Matthew Saltzman wrote:
> On Tue, 2008-05-13 at 18:23 -0500, Brian Millett wrote:
> > Dan Williams wrote:
> > > On Tue, 2008-05-13 at 15:58 -0500, Brian Millett wrote:
> > >> Fedora 8,
> > >> NetworkManager-devel-0.7.0-0.6.7.svn3370.fc8
> > >> NetworkManager-vpnc-0.7.0-0.6.3.svn3109.fc8
> > >> NetworkManager-glib-0.7.0-0.6.7.svn3370.fc8
> > >> NetworkManager-gnome-0.7.0-0.6.7.svn3370.fc8
> > >> NetworkManager-openvpn-0.7.0-8.svn3302.fc8
> > >> NetworkManager-glib-devel-0.7.0-0.6.7.svn3370.fc8
> > >> NetworkManager-0.7.0-0.6.7.svn3370.fc8
> > >>
> > >> I have a vpnc configuration I need to set up. It has an "IPSec
> > >> obfuscated secret" for the group password.
> > >>
> > >> The old vpn connections were defined in the
> > >> .gconf/system/networking/vpn_connections but
> > >> where are the connections defined now?
> > >
> > > They are normal connections in /system/networking/connections just like
> > > wifi, ethernet, cdma, gsm, etc are.
> >
> > Cool! Still via configuration editor.
> >
> > Any way of knowing what number corresponds to which connection?
> >
> > >> How do I edit the configurations?
> > >
> > > You can still use the VPN connection editor, available from the applet
> > > menu.
> >
> > Ok, so how do I enable the ability to edit the connection? I can see the
> > connections in the "Edit connections", but the only item available to
> > click is "Delete".
> >
> > >> Are the conf files in /etc/vpnc referenced?
> > >
> > > No, because VPN connections are currently per-user, though with the
> > > keyfile system settings plugin there's no reason they couldn't be
> > > system-wide as well.
> > >
>
> A couple related questions:
>
> (1) If I want to add
>
>     DPD idle timeout (our side) 0
>
> what do I need to name the key in gconf? The gconf editor complains
> about the parentheses.

The name of the item in GConf is the exact string passed to vpnc as a configuration option. You'll need to GConf-escape the parentheses. GConf uses the @ symbol as the escape, so you want to convert the characters to be escaped to decimal, then put that number between two @ symbols, like so:

My Option -->>> [EMAIL PROTECTED]@Option

> (2) Can the obfuscated secret be stored in the keyring? If so, how? If
> not, how can I get it to be used instead of the group password in the
> keyring?

At least vpnc can decrypt the obfuscated group secret these days. But since it's not really the password, we should store it differently in the keyring than the password we store the group password.

We do have a number of different issues here with the group password:

1) You're given the cleartext group password
2) You're given a pcf file with obfuscated group password
3) You're using OTP for the group password with tokens or whatever

The first two need to get saved in the keyring. The third doesn't get saved in the keyring and gets asked for every time.

I don't see a big problem with adding support to the vpnc connector to accept the obfuscated secret, but the big issue is going to be that it's going to add yet another edit box somewhere. That's not really helpful, I don't think. Do you have any idea if the obfuscated secrets are all the same length so perhaps we could auto-detect based on string length? Any good hash algorithm is going to generate stable-length results.

> (3) Will the ability to set these features be added to the Edit
> Connections dialog in NM? If I set them by hand, are they recognized and
> passed to vpnc by NM-vpnc?

We're going to fold the vpn properties into the connection editor, yes. But options are still gated by the VPN service helpers, so it takes more than just stuffing the value into GConf for it to get to vpnc.
And while that's a pain for people needing options that the vpnc connector doesn't yet support, it's a good thing to gate them because being able to pass just anything to the vpnc daemon (which runs as root) is wrong.

Dan
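
An added illustration, not part of the original message and not NetworkManager's own code, of the two mechanisms discussed above: the @decimal@ key escaping and the gating of stored options against an allowlist before anything reaches vpnc. The safe-character set, the allowlist contents and the `name value` output line format are assumptions made for the example.

```python
import re

# Assumption: anything outside this conservative set is escaped. GConf's own
# escaping routine may use a different character list; the encoding is the one
# described above: decimal character code between two @ symbols.
SAFE = re.compile(r"[A-Za-z0-9_-]")

def escape_key(text):
    """Escape an option name for use as a key, e.g. ' ' becomes '@32@'."""
    return "".join(chr(b) if SAFE.fullmatch(chr(b)) else f"@{b}@"
                   for b in text.encode("utf-8"))

def unescape_key(key):
    """Reverse escape_key(); raise ValueError on a malformed escape."""
    out, i = bytearray(), 0
    while i < len(key):
        if key[i] != "@":
            out += key[i].encode("utf-8")
            i += 1
            continue
        end = key.find("@", i + 1)
        digits = key[i + 1:end] if end != -1 else ""
        if not (digits.isascii() and digits.isdigit()) or int(digits) > 255:
            raise ValueError(f"bad escape at offset {i}")
        out.append(int(digits))
        i = end + 1
    return out.decode("utf-8")

# Hypothetical allowlist for the gate: option name -> pattern its value must match.
ALLOWED = {
    "IPSec gateway": re.compile(r"[A-Za-z0-9.-]{1,253}"),
    "DPD idle timeout (our side)": re.compile(r"[0-9]{1,5}"),
}

def gate(settings):
    """Split stored settings into config lines to pass on and keys to refuse."""
    lines, refused = [], []
    for key, value in settings.items():
        try:
            name = unescape_key(key)
        except ValueError:  # malformed escape or invalid UTF-8
            refused.append(key)
            continue
        rule = ALLOWED.get(name)
        # fullmatch() also refuses a value with an embedded newline, which
        # would otherwise start a second, unchecked config line.
        if rule and rule.fullmatch(value):
            lines.append(f"{name} {value}")
        else:
            refused.append(key)
    return lines, refused
```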
