Re: Preventing a Network Service from becoming Primary
- Subject: Re: Preventing a Network Service from becoming Primary
- From: Allan Nathanson <email@hidden>
- Date: Thu, 2 Nov 2006 10:16:51 -0500
On Nov 2, 2006, at 9:58 AM, Ben Low wrote:

> On 03/11/2006, at 1:32 AM, Allan Nathanson wrote:
>
> > ...
> >
> > > > > But when it comes to VPNs, it doesn't make sense - these can only
> > > > > ever be the default when there is an explicit route to the server
> > > > > already in the route table - a conditional default at best, if you
> > > > > will.
> > > >
> > > > But it also doesn't make sense for the VPN to be active when the
> > > > server is no longer accessible.
> > > Sure - but how does a VPN that uses a connectionless transport know
> > > when the server is no longer accessible?
> > >
> > > (and having the vpn close down is only a mitigation - I still
> > > propose that the "correct" solution is to be able to prevent a route
> > > from being promoted to default / "primary"; and in that situation my
> > > little vpn doesn't even have to close down, while it'll be on dead
> > > air it can still carry any crypto state and such over until the
> > > underlying transport comes back...)
> > I've got your enhancement request!
> >
> > Have you looked at the SCNetworkReachability APIs (specifically,
> > starting with SCNetworkReachabiltyCreateWithAddressPair)? FWIW,
> > I'd avoid using a kicker script.
> For the benefit of the tape (typo):
>
> SCNetworkReachabiltyCreateWithAddressPair =>
> SCNetworkReachabilityCreateWithAddressPair
>
> So the idea would be to patch openvpn to use SCNetworkReachability
> to be signalled when the server's no longer reachable - sounds good,
> but won't SCNetworkReachability also get tripped up by the promotion
> of the openvpn default? When the real links go away, and up until
> openvpn exits, the o/s believes everything's rosy with the default
> via the tun0 interface...
If you use the SCNetworkReachabilityCreateWithAddressPair API then
you'll get a notification when the reachability of the local address,
the reachability of the remote address, or the network route used to
communicate with the remote address changes. In your case, traffic to
the remote server was being routed over "en0". When that route is no
longer available you'll get a notification.
- Allan
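A minimal watcher built on the API Allan describes, added here as an example (it is not code from the thread, from OpenVPN, or from Apple): it registers a callback for a local/remote address pair and logs every notification so a VPN daemon can re-check its server route instead of waiting for UDP keepalives to time out. Assumes macOS with the SystemConfiguration framework and IPv4 addresses; the program name, the "vpn-server" label and the command-line arguments are my own choices.

```objective-c
// reach_watch.m (added example, not OpenVPN code)
// build: clang -framework Foundation -framework SystemConfiguration reach_watch.m -o reach_watch
#import <Foundation/Foundation.h>
#import <SystemConfiguration/SystemConfiguration.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdio.h>

// Invoked when the local address, the remote address, or the route used to
// reach the remote address changes. A route change fires this even when the
// Reachable bit stays set (e.g. the host route via en0 is replaced by the
// tun0 default), so the daemon should re-verify its path here.
static void reachChanged(SCNetworkReachabilityRef target,
                         SCNetworkReachabilityFlags flags, void *info)
{
    BOOL reachable = (flags & kSCNetworkReachabilityFlagsReachable) != 0;
    BOOL needsConn = (flags & kSCNetworkReachabilityFlagsConnectionRequired) != 0;
    BOOL direct    = (flags & kSCNetworkReachabilityFlagsIsDirect) != 0;
    NSLog(@"%s: flags=0x%x reachable=%d connectionRequired=%d isDirect=%d",
          (const char *)info, (unsigned)flags, reachable, needsConn, direct);
    if (!reachable || needsConn)
        NSLog(@"%s: server unreachable; park the tunnel state rather than keep a dead default", (const char *)info);
}

// Fill a sockaddr_in from dotted-quad text (sin_len is required on Darwin).
static BOOL parseV4(const char *text, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_len = sizeof(*sa);
    sa->sin_family = AF_INET;
    return inet_pton(AF_INET, text, &sa->sin_addr) == 1;
}

int main(int argc, const char *argv[])
{
    @autoreleasepool {
        struct sockaddr_in local, remote;
        if (argc != 3 || !parseV4(argv[1], &local) || !parseV4(argv[2], &remote)) {
            fprintf(stderr, "usage: %s <local-ipv4 (en0 address)> <vpn-server-ipv4>\n", argv[0]);
            return 1;
        }
        SCNetworkReachabilityRef target = SCNetworkReachabilityCreateWithAddressPair(
            kCFAllocatorDefault, (const struct sockaddr *)&local, (const struct sockaddr *)&remote);
        if (target == NULL) { fprintf(stderr, "SCNetworkReachabilityCreateWithAddressPair failed\n"); return 1; }

        // info is passed back to the callback; a string literal needs no retain/release.
        SCNetworkReachabilityContext ctx = { 0, (void *)"vpn-server", NULL, NULL, NULL };
        SCNetworkReachabilitySetCallback(target, reachChanged, &ctx);
        SCNetworkReachabilityScheduleWithRunLoop(target, CFRunLoopGetCurrent(), kCFRunLoopDefaultMode);

        SCNetworkReachabilityFlags flags;
        if (SCNetworkReachabilityGetFlags(target, &flags))   // log the starting state once
            reachChanged(target, flags, (void *)"vpn-server");
        CFRunLoopRun();                                       // block; notifications arrive here
        CFRelease(target);
    }
    return 0;
}
```

The Reachable bit only says a packet can leave the host by some route, not that the server will answer; the useful signal for the case in this thread is the notification itself, which arrives when the en0 route to the server goes away.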
Macnetworkprog mailing list (email@hidden)