[vpn-help] Client features, perchance a wishlist
Matthew Grooms
mgrooms at shrew.net
Wed Aug 23 15:42:05 CDT 2006
Peter Eisch wrote:
> - There should be a way to see the SPDs and/or at least purge them.
> This is most useful in debugging, but if the disconnect doesn't go
> cleanly the user won't know how to reset the ipsecd. The client will
> continue to use the phase 1 key while the server may have expired the key
> (er, or the server got reset perhaps?).
>
Being able to list the policies and associations is a good idea. The VPN
Trace application will grow in functionality over time and most likely
gain this ability through some sort of administrative port.
Phase 1 associations die when the client disconnects from IPSECD so this
shouldn't be an issue. If the server shuts down non-gracefully, that
will be addressed once the DPD support in the 1.1 branch becomes active.
At the moment it only responds to DPD queries.
> - The session panel should minimize to the system tray like most any other
> "network interface" icon.
>
Another good idea. The VPN Site Manager is going to gain a preferences
dialog in a future release. This suggestion sounds like a good candidate
for a user scope option (à la Winamp minimize to system tray).
> - Rolling over the session panel in the system tray should bubble the same
> information as displayed under the network tab.
>
I will add this to my todo list for the 1.1 release.
> - (blue sky thought) use the XP login auth credentials
> (login/domain/password) as the login at domain/password or at least
> login/password when using a login and password
> In the Auth tab of the config, provide a checkbox to use the domain
> login information. There could be a hidden config (like for the banner)
> that could disable that checkbox for managed installs.
>
I am opposed to storing or pre-populating user passwords. I don't think
it would be possible to pull the user system password anyway given the
2K/NT security architecture. There could be a user scope option for
populating the user name. Let me think about it.
> - When you click on "Disconnect" in the session panel, the message that
> appears indicates that the session ended prematurely.
> If clicking on the button is premature, what would be the right time to
> terminate?
>
> - When the session ends for any reason other than the user clicking
> Disconnect, offer the option to automatically reconnect.
> This could be in the preferences pane as an option.
>
Both good calls. I will fix this for the 1.1 release.
> - Is there a way to start a session from a .bat script?
>
Yes, click the ipsecc.exe and it will spit out command line options in
the feedback window. I have toyed with the idea of allowing users to
drag a shortcut out of the Site Manager window directly to the desktop
for quick connections.
> - The DPD support, as you noted, would be good too
>
Already in 1.1 branch as responder. Will work on the initiator support
as well.
> I'll see if I can get -current running of ipsec-tools in my lab and get this
> pushed over to stable systems we can continue to work with here.
>
Thanks for everything!
-Matthew