EasyVPN

Revision 10 as of 2008-08-06 16:23:07

Clear message

Summary

A proposal to bring easy VPN client setup to the Ubuntu desktop and enable PPTP-based DSL connections.

Rationale

Many users associated with some sort of organisation (school, university, company, etc.) need access to that organisation's internal network via VPN. Currently, setting up a VPN client requires the user to mess around with configuration files and command lines. This needs to improve.

Furthermore in some countries like Austria DSL connections are realized based on PPTP connections. Users without a router can not even install the standard ubuntu-desktop CD since linux-pptp does not ship with the CD nor does a GUI app to configure pptp connections.

Use cases

  • Hugo is Austrian and the Ubuntu installer wants to connect to the internet for syncing security updates. Hugo finds a way to create PPTP connections via some GUI (e.g. network-manager) and by that means is able to connect his machine to the internet. When the installation is done he finds the same GUI in the installed OS and magically finds the already configured PPTP connection from the installation.
  • Anne wants to connect to the university's Cisco based VPN. She has found a .pcf file on the network but she doesn't know what to do with it.
  • Michael needs access to a secure part of the company network. A colleague has given him a configuration file for a pppd+pptp-linux combo, but neither of them feel that it should be this tedious.
  • Søren wants to set up a VPN system for his company based on free software, and he chooses OpenVPN. However, setting up the clients require a lot of manual work which takes time that could have been spent on developing cool free software.

Scope

At least Cisco VPN, PPTP, and OpenVPN connectivity should be included. Anything else is a bonus.

Design

With NetworkManager a new standard has been set for Linux networking that Just Works[tm]. VPN connectivity should work with NetworkManager.

Implementation and Code

NetworkManager CVS already contains vpn plugins for vpnc (Cisco VPN), pptp and OpenVPN. These need to be packaged and NetworkManager needs to be able to change the DNS settings accordingly.

Data preservation and migration

For the VPN types that already have a welldefined place to store configurations, any current configurations should be imported.

Outstanding issues

I've already packaged the VPN plugins.

There has been reports about NetworkManager not being up the the sensitive task of handling resolv.conf. Rumour has it that there are several bug reports to support this claim, but I haven't been able to find any. Currently, setting the DNS settings is done by the DHCP client. Some have suggested letting the VPN plugins handle changing resolv.conf, but making 4 different things do this correctly (dhclient and the three vpn plugins) seems quite a bit more errorprone than having one thing do it (NetworkManager based on info from the plugins) and concentrate on making that one do it correctly.

The configuration importers need to be developed.

Can you expand on the DNS issues? It's hard to give any constructive feedback for the meat of the subject since the plugins are already ready to go. -- ScottRobinson

Elaborated a bit. Hope this is enough to spark the discussion. -- SorenHansen

BoF agenda and discussion


CategorySpec