Hi,
On Tue, 2012-10-23 at 14:23 +0200, Alexander Marx wrote:
Hi!
I am thinking of developing a GUI for VPN firewall rules. Unfortunately, there are a few things to be done before I can implement this.
Great idea. I would like to offer my support.
The goal is to have a gui where one can say:
I want Roadwarrior1 to be able to have access to a specific IP in green.
To be able to do this, we need the possibility to assign a roadwarrior a fixed IP address. This is actually not possible because of the DHCP OpenVPN subnet.
Please do not confuse the IP assignment of OpenVPN with DHCP. It's only a dynamic address pool.
Also, calling the other subnets "CCD subnets" does not suit them very well. A better solution would be "static address pool" for example? Basically, we should hide CCD completely from the user, because it's an implementation detail.
The goal is to make it very clear what kind of subnet this is. Having "dynamic" and "static" in the name of the subnets is a good idea.
So the first thing to be done should be to implement a GUI that can manage CCD networks for the OpenVPN server. Here lies the next problem: many installations are using the DHCP subnet from the OpenVPN server. So we need a solution that can manage both:
DHCP OpenVPN AND CCD clients.
I began to develop a kind of GUI; it is still under heavy development and not ready yet. I would like you to have a look at my early screenshots and give any feedback. If you like it, I will go on building that GUI.
Besides the fact that the interface does not look very similar to the rest of the WUI (I am sure that's just because of the early development state), I like what I can see on the screenshots.
Maybe it is better to make a dropdown (<select>) on the configuration page of the client connection, because the interface gets messy with a higher number of subnets. I think it would also be possible to omit the number of clients.
Is it intentional that the user cannot select a specific IP address from one of the subnets? Is it randomly assigned and then never touched again?
The comment on the page where you can add a new static address pool states that the subnet must be divisible by 4. That's true for every subnet bigger than /30. Networks smaller than /30 won't work at all. It should also be possible to insert the prefix size instead of the subnet mask.
It is currently not possible to edit a subnet description. I guess it is not possible to change the network itself and it is not possible to delete a subnet that still has got clients configured.
Hope my comments are helping. Good work.
I am looking forward to the next screenshots when more features have found their way into the code.
Best, Michael
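
Added example (not part of the original mail and not IPFire code): one way to validate a static address pool as discussed above, accepting either a prefix size or a subnet mask and rejecting anything smaller than /30. It assumes the pool is carved into /30 blocks as in OpenVPN's net30 topology, which the thread does not name; the function names and the 10.8.1.0 sample pool are constructed for illustration.

```python
import ipaddress


def parse_pool(text):
    """Parse 'addr/prefix' or 'addr/netmask' into an IPv4Network.

    Raises ValueError if host bits are set (not on a network boundary)
    or if the network is smaller than /30 and cannot hold one client block.
    """
    net = ipaddress.IPv4Network(text.strip(), strict=True)
    if net.prefixlen > 30:
        raise ValueError(f"{net} is smaller than /30 and cannot hold a client")
    return net


def client_blocks(net):
    """Return the /30 blocks of the pool; each block serves one client."""
    return list(net.subnets(new_prefix=30))


def ccd_line(net, index):
    """Build the CCD entry for the client in block number `index`.

    Assumption: net30 layout, where the first usable address of the /30
    is the client endpoint and the second is the server-side endpoint.
    """
    block = client_blocks(net)[index]
    return f"ifconfig-push {block[1]} {block[2]}"


if __name__ == "__main__":
    # Constructed sample input: the same pool written both ways.
    for raw in ("10.8.1.0/24", "10.8.1.0/255.255.255.0", "10.8.1.0/31"):
        try:
            pool = parse_pool(raw)
            print(raw, "->", len(client_blocks(pool)), "clients,",
                  "first:", ccd_line(pool, 0))
        except ValueError as err:
            print(raw, "-> rejected:", err)
```

The number of clients a pool can hold follows directly from its size, so the GUI can compute it instead of asking for it.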