Hi!
I am thinking of developing a GUI for VPN firewall rules. Unfortunately, there are a few things to be done before I can implement this.
The goal is to have a GUI where one can say:
I want Roadwarrior1 to be able to have access to a specific IP in green.
To be able to do this, we need the possibility to assign a roadwarrior a fixed IP address. This is actually not possible because of the DHCP OpenVPN subnet. So the first thing to be done should be to implement a GUI that can manage CCD networks for the OpenVPN server. Here lies the next problem: many installations are using the DHCP subnet from the OpenVPN server. So we need a solution that can manage both:
DHCP OpenVPN AND CCD clients.
I began to develop a kind of GUI; it is still under heavy development and not ready yet. I would like you to have a look at my early screenshots and give any feedback. If you like it, I will go on building that GUI.
Thank you
Hi,
On Tue, 2012-10-23 at 14:23 +0200, Alexander Marx wrote:
> Hi!
> I am thinking of developing a GUI for VPN firewall rules. Unfortunately, there are a few things to be done before I can implement this.
Great idea. I would like to offer my support.
> The goal is to have a GUI where one can say:
> I want Roadwarrior1 to be able to have access to a specific IP in green.
> To be able to do this, we need the possibility to assign a roadwarrior a fixed IP address. This is actually not possible because of the DHCP OpenVPN subnet.
Please do not confuse the IP assignment of OpenVPN with DHCP. It's only a dynamic address pool.
Also, calling the other subnets "CCD subnets" does not suit them very well. A better solution would be "static address pool" for example? Basically, we should hide CCD completely from the user, because it's an implementation detail.
The goal is to make it very clear what kind of subnet this is. Having "dynamic" and "static" in the name of the subnets is a good idea.
> So the first thing to be done should be to implement a GUI that can manage CCD networks for the OpenVPN server. Here lies the next problem: many installations are using the DHCP subnet from the OpenVPN server. So we need a solution that can manage both:
> DHCP OpenVPN AND CCD clients.
> I began to develop a kind of GUI; it is still under heavy development and not ready yet. I would like you to have a look at my early screenshots and give any feedback. If you like it, I will go on building that GUI.
Besides the fact that the interface does not look very similar to the rest of the WUI (I am sure that's just because of the early development state), I like what I can see on the screenshots.
Maybe it is better to make a dropdown (<select>) on the configuration page of the client connection, because the interface gets messy with a higher number of subnets. I think it would also be possible to omit the number of clients.
Is it intentional that the user cannot select a specific IP address from one of the subnets? Is it randomly assigned and then never touched again?
The comment on the page where you can add a new static address pool states that the subnet must be divisible by 4. That's true for every subnet bigger than /30. Networks smaller than /30 won't work at all. It should also be possible to insert the prefix size instead of the subnet mask.
It is currently not possible to edit a subnet description. I guess it is not possible to change the network itself and it is not possible to delete a subnet that still has got clients configured.
Hope my comments are helping. Good work.
I am looking forward to the next screenshots when more features have found their way into the code.
Best, Michael
On 23.10.2012 18:42, Michael Tremer wrote:
> Hi,
> On Tue, 2012-10-23 at 14:23 +0200, Alexander Marx wrote:
> > Hi!
> > I am thinking of developing a GUI for VPN firewall rules. Unfortunately, there are a few things to be done before I can implement this.
> Great idea. I would like to offer my support.
> > The goal is to have a GUI where one can say:
> > I want Roadwarrior1 to be able to have access to a specific IP in green.
> > To be able to do this, we need the possibility to assign a roadwarrior a fixed IP address. This is actually not possible because of the DHCP OpenVPN subnet.
> Please do not confuse the IP assignment of OpenVPN with DHCP. It's only a dynamic address pool.
> Also, calling the other subnets "CCD subnets" does not suit them very well. A better solution would be "static address pool" for example? Basically, we should hide CCD completely from the user, because it's an implementation detail.
> The goal is to make it very clear what kind of subnet this is. Having "dynamic" and "static" in the name of the subnets is a good idea.
OK, I see what you mean, but does it make sense to have "static" or "dynamic" in the name? There can be only ONE dynamic pool; this is the ovpn subnet. All other subnets that can be configured through the GUI are static...
> > So the first thing to be done should be to implement a GUI that can manage CCD networks for the OpenVPN server. Here lies the next problem: many installations are using the DHCP subnet from the OpenVPN server. So we need a solution that can manage both:
> > DHCP OpenVPN AND CCD clients.
> > I began to develop a kind of GUI; it is still under heavy development and not ready yet. I would like you to have a look at my early screenshots and give any feedback. If you like it, I will go on building that GUI.
> Besides the fact that the interface does not look very similar to the rest of the WUI (I am sure that's just because of the early development state), I like what I can see on the screenshots.
Thank you. Well, I will try to make it look more like the other tables on the WUI...
> Maybe it is better to make a dropdown (<select>) on the configuration page of the client connection, because the interface gets messy with a higher number of subnets. I think it would also be possible to omit the number of clients.
You are completely right. I just copied the table from the ccd net's config page ;-)
> Is it intentional that the user cannot select a specific IP address from one of the subnets? Is it randomly assigned and then never touched again?
No, it is work in progress. There should be a drop-down list with all possible IP addresses from the specific network.
> The comment on the page where you can add a new static address pool states that the subnet must be divisible by 4. That's true for every subnet bigger than /30. Networks smaller than /30 won't work at all. It should also be possible to insert the prefix size instead of the subnet mask.
Yes. I am checking the subnet masks. The biggest one is 255.255.240.0 and the smallest is 255.255.255.248.
> It is currently not possible to edit a subnet description. I guess it is not possible to change the network itself and it is not possible to delete a subnet that still has got clients configured.
Well, if clicking on the delete button in the ccd-net page, then a popup should ask if all roadwarriors in that net should also be deleted...
> Hope my comments are helping. Good work.
> I am looking forward to the next screenshots when more features have found their way into the code.
> Best, Michael
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
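
The pool checks discussed in this thread, as an added example (not IPFire code and not written by any poster here): it accepts a netmask or a prefix length, enforces the 255.255.240.0 to 255.255.255.248 limits quoted above, rejects overlap with other pools, and lists the free addresses a drop-down could offer, one per /30, so a per-client firewall rule can match a stable address. It assumes OpenVPN's net30 topology with the client taking the first usable address of its /30 block; the function names and sample networks are constructed for illustration.

```python
import ipaddress

# Limits quoted in the thread: largest mask 255.255.240.0 (/20),
# smallest 255.255.255.248 (/29).
MIN_PREFIX, MAX_PREFIX = 20, 29

def parse_pool(network, mask_or_prefix, existing=()):
    """Validate a static pool given with a netmask or a prefix length."""
    # strict=True rejects host bits; non-contiguous masks raise ValueError too.
    net = ipaddress.IPv4Network(f"{network}/{mask_or_prefix}", strict=True)
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"/{net.prefixlen} is outside /{MIN_PREFIX} to /{MAX_PREFIX}")
    for other in existing:
        if net.overlaps(ipaddress.IPv4Network(other)):
            raise ValueError(f"{net} overlaps existing pool {other}")
    return net

def is_valid_pool(network, mask_or_prefix, existing=()):
    try:
        parse_pool(network, mask_or_prefix, existing)
        return True
    except ValueError:
        return False

def free_slots(pool, taken=()):
    """(client, server endpoint) pairs, one per /30, minus assigned clients."""
    taken = {ipaddress.IPv4Address(t) for t in taken}
    slots = []
    for block in pool.subnets(new_prefix=30):
        client, endpoint = block.hosts()   # the two usable addresses of a /30
        if client not in taken:
            slots.append((str(client), str(endpoint)))
    return slots

def ccd_line(client, endpoint):
    """Line for the client's CCD file that pins its tunnel address."""
    return f"ifconfig-push {client} {endpoint}"

if __name__ == "__main__":
    dynamic = "10.8.0.0/24"                                  # constructed dynamic pool
    pool = parse_pool("10.0.8.0", "29", existing=[dynamic])  # constructed static pool
    for client, endpoint in free_slots(pool, taken=["10.0.8.1"]):
        print(ccd_line(client, endpoint))
```
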