Bug 187252 - RFE: Add rekey support as soon as the vpnc rekey patch is accepted upstream
Product: Fedora
Classification: Fedora
Component: NetworkManager-vpnc
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Christopher Aillon
Fedora Extras Quality Assurance
Reported: 2006-03-29 11:06 EST by Patrick C. F. Ernzer
Modified: 2013-01-09 22:42 EST
Doc Type: Bug Fix
Last Closed: 2006-05-29 00:14:44 EDT

Description Patrick C. F. Ernzer 2006-03-29 11:06:52 EST
Description of problem:
FC5 has the rekey patch applied to vpnc; it would be nice if NetworkManager-vpnc
supported this as well.

Version-Release number of selected component (if applicable):

Additional info:
Obviously, until such time that upstream accepts the rekey patch we cannot add
this as we do not know if the vpnc that NM-vpnc will access even supports the
Comment 3 David Zeuthen 2006-03-29 11:48:50 EST
Passing the buck to Dan Williams
Comment 4 Jesse Keating 2006-03-29 13:37:16 EST
The real solution is to get upstream vpnc to turn on re-key by default, so that
we don't need an option in nm-vpnc.

But this does expose a greater problem.  With nm-vpnc there is no way to pass
custom options to the vpnc binary.  There should be a way to do this, perhaps
not exposed as much.
Comment 6 David Zeuthen 2006-03-30 10:14:48 EST
I don't really see a need to expose to the user whether rekeying is needed; it's
a dull implementation feature albeit an important one. 

So.. we don't want this either in gconf (we don't want users to use
gconf-editor to modify existing connections) or in the UI (it just doesn't make
sense in the UI). Please don't.

Suggest to make NM-vpnc accept a compile time option whether to pass the
rekeying option. Then we can pass this option to the NM-vpnc FE package and make
it pull in the right vpnc package that supports rekeying.

There is really no need to make it more complicated.
Comment 7 Dan Williams 2006-03-30 10:41:47 EST
Hmm, the problem here is that I don't think vpnc knows about the rekey interval
from anything but the config file...  so if you want rekeying, you need to know
what the interval is, no?  We use 8 hours, but I've heard of one place that uses
15m intervals (crazy).

While the Cisco client appears to be able to automatically determine the rekey
interval, vpnc doesn't support that yet...
Comment 8 David Zeuthen 2006-03-30 11:06:24 EST
Oh my... so until vpnc gets this functionality suggest to just hardcode it at
say two hours just to pick a random number. I mean... it's not like NM-vpnc was
useful before to people that use 15m intervals as it didn't do rekeying before that.

How about that?

Some day, and that day may never come, vpnc can figure this out itself.

Ah, the joys of options - options are indeed evil :-)
Comment 9 Christopher Aillon 2006-04-04 15:16:19 EDT
Hey hey hey.  I've got this under control.  :-)  I have a patch already which
I'm tuning.
Comment 10 Dan Williams 2006-05-29 00:14:44 EDT
Patch is in Rawhide and CVS HEAD of NM.  Rekey is defaulted to 2 hours, and
users can modify it by adding the correct config magic to GConf.  There's no UI
for it though.
