On Fri, Dec 11, 2020 at 04:36:08PM +0200, Jussi Laakkonen wrote:
We've had most of this running for a quite a long time and these
changes have been in for some time to get any bugs squeezed out, none so far
but if any rise I'll submit a patch.
That is really good to hear. I expected something like this.
Some of the VPNs may be apparently
misconfigured that they do not report proper netmask even (ifconfig verifies
this). Not sure if it is something missing in our 1.32 based ConnMan which
has a tonload of bandages on top and our own changes or is it just a
(misconfigured) test VPN (IPsec VPNC) server which works in an odd
There is this problem. If the bandages are somewhat contained and not
distributed over many files I wouldn't mind to get them. Do you have
link to it?
I did ponder about the adding of the network route quite a long.
in that netmask being inaddr_any, what should the network be then as it
cannot be resolved. I just thought having it as an error then would be now
the approach until that issue pops up and gets resolved, only thing it
affects is changing a connected misconfigured VPN to be split routed.
One thing we need to be clear to the user, that in such a scenario the
default traffic is not going over the VPN. This is more a UI thingy but
we should also have a big warning in the logs. I really want to avoid
the situation where the VPN service is at top of the service list and
it's not the default gateway.
And about big work and other changes. At some point next year I guess
will be time to send our multiuser changes as an RFC for people to test and
review, it includes having user specific WiFi and VPN (as we're working in
mobile environment, but there is work to be done in making these
configurable even) settings, ability to detect removed/added services at
runtime, user change listening over systemd logind to name but a few. Plus
simulated unit tests for user change operations in the storage.c in which
most of the changes are and separate unit tests simulating systemd logind
listening. These changes have been in use since summer I think and we're
fixing small issues here and there still. But at some point I hope I can
tweak it to patches, and hoping also to get 1.38 upgrade ongoing next year
as well. And these are no secrets, storage.c
can be checked there if there is interest and/or time.
BTW, I did try to cleanup the storage.c files beginning of the year. I
really hate the mess we have in there. The mix between provisioning and
configuration for both daemons ConnMan and VPN is just mind
boggling. How could so simple get so complex. I have a very rough
prototype which makes things way simpler. The main problem I run into
was how we support the different provisioning use case. You can either
provision VPN or ConnMan independently. This makes it really messy IMO
and it's an API issue. We cannot really cleanup this mess without
touching the D-Bus API.
There are also many other things that should be pushed to upstream
review.. I guess many of them require some discussion at first. But I'll get
back at you when it is time for them.
Looking forward to it!