• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Preventing a Network Service from becoming Primary
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preventing a Network Service from becoming Primary

  • Subject: Re: Preventing a Network Service from becoming Primary
  • From: Ben Low <email@hidden>
  • Date: Fri, 3 Nov 2006 01:58:56 +1100
On 03/11/2006, at 1:32 AM, Allan Nathanson wrote:
...
But when it comes to VPNs, it doesn't make sense - these can only ever be the default when there is an explicit route to the server already in the route table - a conditional default at best, if you will.

But it also doesn't make sense for the VPN to be active when the server is no longer accessible.

Sure - but how does a VPN that uses a connectionless transport know when the server no longer accessible?

(and having the vpn close down is only a mitigation - I still propose that the "correct" solution is to be able to prevent a route from being promoted to default / "primary"; and in that situation my little vpn doesn't even have to close down, while it'll be on dead air it can still carry any crypto state and such over until the underlying transport comes back...)


Have you looked at the SCNetworkReachability APIs (specifically, starting with SCNetworkReachabiltyCreateWithAddressPair)? FWIW, I'd avoid using a kicker script.
For the benefit of the tape (typo): SCNetworkReachabiltyCreateWithAddressPair => SCNetworkReachabilityCreateWithAddressPair

So the idea would be to patch openvpn to use SCNetworkReachability to be signalled when the server's no longer reachable - sounds good, but won't SCNetworkReachability also get tripped up by the promotion of the openvpn default? When the real links go away, and up until openvpn exits, the o/s believes everything's rosy with the default via the tun0 interface...


Rgds,
Ben

--
Ben Low
email@hidden

"I am not young enough to know everything." - Oscar Wilde (1854-1900)
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Preventing a Network Service from becoming Primary

      • From: Allan Nathanson <email@hidden>
      • 





References: 


 >Re: Preventing a Network Service from becoming Primary (From: Ben Low <email@hidden>)


 >Re: Preventing a Network Service from becoming Primary (From: Allan Nathanson <email@hidden>)


 >Re: Preventing a Network Service from becoming Primary (From: Ben Low <email@hidden>)


 >Re: Preventing a Network Service from becoming Primary (From: Allan Nathanson <email@hidden>)






    

  • Prev by Date:
Re: Preventing a Network Service from becoming Primary

    • 

  • Next by Date:
Re: Preventing a Network Service from becoming Primary

    • 

  • Previous by thread:
Re: Preventing a Network Service from becoming Primary

    • 

  • Next by thread:
Re: Preventing a Network Service from becoming Primary

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •