Use case: VPN client

Marcus Better marcus at better.se
Wed May 9 17:01:31 UTC 2007


The project's scope is rather wide. Perhaps we should start by writing down 
some use cases and see which ones we should target. Here's one based on my 
own needs.

"User A can connect to the office with an IPsec tunnel. Whenever A is out of 
office and connects to the Internet, the tunnel is brought up automatically. 
If A connects directly to the office network, the tunnel is not needed."

It doesn't matter which network interface is used to connect to the Internet. 
It can be sometimes eth0, or the wireless interface, or ppp0. So it doesn't 
make much sense to specify this per-interface in /etc/networks/interfaces. My 
current solution with if-up.d scripts is messy and ad hoc.

When the laptop is connected to the Internet, a daemon that monitors routing 
messages would detect that there is a route to the VPN server and trigger 
a "route added" event. Then some script would check that there is no direct 
connection to the office network and start the IPsec tunnel.

The scripts could be done with upstart. All that is needed is a daemon that 
emits the appropriate events (unless upstart will have that functionality 
itself?), plus some scripts. The scripts can be provided by a netconf plugin 
that would permit some simple configuration mechanism.

Marcus


More information about the netconf-devel mailing list