Use case: VPN client
Marcus Better
marcus at better.se
Wed May 9 17:01:31 UTC 2007
The project's scope is rather wide. Perhaps we should start by writing down
some use cases and see which ones we should target. Here's one based on my
own needs.

"User A can connect to the office with an IPsec tunnel. Whenever A is out of
office and connects to the Internet, the tunnel is brought up automatically.
If A connects directly to the office network, the tunnel is not needed."

It doesn't matter which network interface is used to connect to the Internet.
It can be sometimes eth0, or the wireless interface, or ppp0. So it doesn't
make much sense to specify this per-interface in /etc/networks/interfaces. My
current solution with if-up.d scripts is messy and ad hoc.

When the laptop is connected to the Internet, a daemon that monitors routing
messages would detect that there is a route to the VPN server and trigger
a "route added" event. Then some script would check that there is no direct
connection to the office network and start the IPsec tunnel.

The scripts could be done with upstart. All that is needed is a daemon that
emits the appropriate events (unless upstart will have that functionality
itself?), plus some scripts. The scripts can be provided by a netconf plugin
that would permit some simple configuration mechanism.

Marcus
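
The decision described in the message above, as an added example that is not part of the original post or of any netconf code: given the routing table seen after a "route added" event, decide whether the IPsec tunnel should be started, independent of which interface carries the traffic. The `ip -4 route show` sample lines, the VPN server address 203.0.113.10 and the office range 10.20.0.0/16 are constructed assumptions.

```python
import ipaddress

def parse_routes(lines):
    """Parse `ip -4 route show` text into (network, is_direct) pairs."""
    routes = []
    for line in lines:
        words = line.split()
        if not words:
            continue
        dest = "0.0.0.0/0" if words[0] == "default" else words[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." lines: no usable destination
        # A route without a gateway ("via") is an on-link, direct connection.
        routes.append((net, "via" not in words))
    return routes

def tunnel_needed(route_lines, vpn_server, office_net):
    """True when the VPN server is routable and no connected network
    lies inside the office range (the two checks from the use case)."""
    server = ipaddress.ip_address(vpn_server)
    office = ipaddress.ip_network(office_net)
    routes = parse_routes(route_lines)
    reachable = any(server in net for net, _ in routes)
    # subnet_of() keeps an on-link default route (ppp0) from counting
    # as "directly on the office network".
    on_office_lan = any(
        direct and net.version == office.version and net.subnet_of(office)
        for net, direct in routes
    )
    return reachable and not on_office_lan

# Constructed routing tables, one per situation in the use case.
VPN_SERVER, OFFICE_NET = "203.0.113.10", "10.20.0.0/16"
AWAY_WIFI = ["default via 192.168.1.1 dev wlan0",
             "192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57"]
AT_OFFICE = ["default via 10.20.0.1 dev eth0",
             "10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.3.4"]
AWAY_PPP = ["default dev ppp0 scope link"]
NO_UPLINK = ["169.254.0.0/16 dev eth0 scope link"]

if __name__ == "__main__":
    for name in ("AWAY_WIFI", "AT_OFFICE", "AWAY_PPP", "NO_UPLINK"):
        print(name, tunnel_needed(globals()[name], VPN_SERVER, OFFICE_NET))
```

Matching on the address range alone cannot tell the office LAN from another network that happens to use the same private range, so a deployment would want a stronger check before deciding to skip the tunnel.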