Re: Request for feedback

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2741 bytes --]

Hi,

On Tue, 2012-10-23 at 14:23 +0200, Alexander Marx wrote:
> Hi!
> 
> I am thinking of developing a GUI for vpn Firewallrules.
> unfortunately there are a few things to be done before i can implement
> this.

Great idea. I would like to offer my support.

> The goal is to have a gui where one can say:
> 
> i want Roadwarrior1 to be able to have access to a specific ip in
> green.
> 
> To be able to do this, we need the possibility to assign a roadwarrior
> a fix ip-Address. This is actually not possible because of the DHCP
> Openvpn Subnet.

Please do not confuse the IP assignment of OpenVPN with DHCP. It's only
a dynamic address pool.

Also, calling the other subnets "CCD subnets" does not suit them very
well. A better solution would be "static address pool" for example?
Basically, we should hide CCD completely from the user, because it's an
implementation detail.

The goal is to make it very clear what kind of subnet this is. Having
"dynamic" and "static" in the name of the subnets is a good idea.

> So the first thing to be done should be to implement a gui that can
> manage CCD Networks for the openvpn Server. Here lies the next
> problem: many installations are using the dhcp Subnet from the openvpn
> server. So we need a solution that can manage both:
> 
> DHCP Openvpn AND CCD Clients.
> 
> I began to develop a kind of gui, it is still under heavy development
> and not ready yet. I like you to have a look at my early screenshots
> and give any feedback. If you like it, i will go on building that gui.

Besides the interface does not look very similar to the rest of the WUI
(I am sure that's just because of the early development state), I like
what I can see on the screenshots.

Maybe it is better to make a dropdown (<select>) on the configuration
page of the client connection, because the interface gets messy with a
higher number of subnets. I think it would also be possible to omit the
number of clients.

Is it intentional, that the user cannot select a specific IP address
from one of the subnets? Is it randomly assigned and then never touched
again?

The comment on the page where you can add a new static address pool
states that the subnet must be dividable by 4. That's true for every
subnet bigger than /30. Networks smaller than /30 won't work at all. It
should also be possible to insert the prefix size instead of the subnet
mask.

It is currently not possible to edit a subnet description. I guess it is
not possible to change the network itself and it is not possible to
delete a subnet that still has got clients configured.

Hope my comments are helping. Good work.

I am looking forward to the next screenshots when more features have
found their way into the code.

Best,
 Michael