Red Hat Bugzilla – Bug 187252
RFE: Add rekey support as soon as the vpnc rekey patch is accepted upstream
Last modified: 2013-01-09 22:42:01 EST
Description of problem:
FC5 has the rekey patch applied to vpnc; it would be nice if NetworkManager-vpnc
supported this as well.
Version-Release number of selected component (if applicable):
Obviously, until such time that upstream accepts the rekey patch we cannot add
this as we do not know if the vpnc that NM-vpnc will access even supports the
Passing the buck to Dan Williams
The real solution is to get upstream vpnc to turn on re-key by default, so that
we don't need an option in nm-vpnc.
But this does expose a greater problem. With nm-vpnc there is no way to pass
custom options to the vpnc binary. There should be a way to do this, perhaps
not exposed as much.
I don't really see a need to expose to the user whether rekeying is needed; it's
a dull implementation feature albeit an important one.
So.. we want this neither in gconf (we don't want users to use
gconf-editor to modify existing connections) nor in the UI (it just doesn't make
sense in the UI). Please don't.
Suggest to make NM-vpnc accept a compile time option whether to pass the
rekeying option. Then we can pass this option to the NM-vpnc FE package and make
it pull in the right vpnc package that supports rekeying.
There is really no need to make it more complicated.
Hmm, the problem here is that I don't think vpnc knows about the rekey interval
from anything but the config file... so if you want rekeying, you need to know
what the interval is, no? We use 8 hours, but I've heard of one place that uses
15m intervals (crazy).
While the Cisco client appears to be able to automatically determine the rekey
interval, vpnc doesn't support that yet...
Oh my... so until vpnc gets this functionality suggest to just hardcode it at
say two hours just to pick a random number. I mean... it's not like NM-vpnc was
useful before to people that use 15m intervals as it didn't do rekeying before that.
How about that?
Some day, and that day may never come, vpnc can figure this out itself.
Ah, the joys of options - options are indeed evil :-)
Hey hey hey. I've got this under control. :-) I have a patch already which
Patch is in Rawhide and CVS HEAD of NM. Rekey is defaulted to 2 hours, and
users can modify it by adding the correct config magic to GConf. There's no UI
for it though.