Re: is there anyone here who understands the vpn implementation

Thu, 04 Nov 2010 12:10:39 -0700 

On Thu, Nov 4, 2010 at 4:52 AM, Daniel Wagner <[email protected]> wrote:

> Hi Thomas,
>
> On Wed, Nov 03, 2010 at 10:01:27AM -0700, Thomas Bushnell, BSG wrote:
> > I've asked a few questions and gotten deafening silence. I'm not a bozo,
> and
> > I was hoping for slightly more.
> >
> > Is there anyone here who understands the VPN plugin implementation in
> > network manager?
>
> I have looked into the way NM handles this. If I got it right it works
> like this: For each type of VPN implementation (e.g. openvpn) there
> exists a helper daemon which exports an D-Bus interface. The helper
> VPN daemon is spawnding the real VPN deamon. In the case of OpenVPN it
> will start the daemon with few general arguments (e.g. client mode
> etc) and a script argument ('--up') which will be called when OpenVPN
> changes state (e.g. gets connected). The script called by OpenVPN is a
> callback function into the VPN helper daemon which results into an
> D-Bus message to NM.
>

In the case of the vpn client I'm interfacing with, I don't have the option
of passing such a script argument. I discovered that you can't send the ip4
config message before you reply to the connect message, because the reply of
the connect message starts the timer to wait for the ip4 config message.
That's a bug in network manager; the timer on the ip4 config message should
not terminate the connection unless it hasn't happened at all; instead, it
only shuts it down if it happens after the connect completes.

To avoid this, I simply inserted a one-second sleep after returning the
connect message, and then I send the ip4 config message.

I'm faking the parameters; I'm telling it that it's always tun0, which I
think my vpn client I'm stuck with will do, and I also need to give it the
local address on the tun0 device, which I am giving what it seems to usually
give, and I believe nm does nothing with this address.

> Is it necessary for a VPN plugin to allow network manager to manage the
> > routing and tunneling once the VPN is setup, or is it ok if the VPN
> plugin
> > does that itself?
>
> OpenVPN is started with --route-noexec and --ifconfig-noexec which
> means the OpenVPN is not change anything concerning routing or IP
> configuration.


I don't have the option of doing that in this case. :(

Thomas

_______________________________________________
networkmanager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to