ocserv: Added ocserv package #2550
Conversation
|
A screenshot with the information provided is at: http://people.redhat.com/nmavrogi/screenshot.png |
|
thanks! |
| height: 100%; | ||
| } | ||
|
|
||
| .users-id { |
There was a problem hiding this comment.
To avoid name clashes, Cockpit has the convention to use namespaces, e.g. ocserv-users-id
|
How does cockpit become aware of changes on the server? It looks like ocserv doesn't have a dbus interface, but cockpit can also monitor files on the system. |
Are there designs that show what the scope of this is, eventually? |
|
If there are decisions to be made, it's usually a good idea to pour goals and ideas into a wiki feature page, such as the one for subscription management |
|
I've added a wiki page with the feature at: |
|
Cool. Agree with @dperpeet, that this should be an optionally installed component. The design needs review from a designer, CC @andreasn. I've added some feedback on https://github.com/cockpit-project/cockpit/wiki/Feature:-Ocserv |
|
One of the main things that concerns me, is how does the user get started running a VPN server? While the status dashboard is useful, no doubt, it will lead to a lot of questions as to how to get this setup. Obviously this pull request shouldn't need to block on this, but we do need to have a plan figured out before we merge it. Some ideas: @sgallagher Does this make sense as a rolekit role? @nmav Can ocserv run in a privileged container? If so, we could help the user start it that way. |
|
Yes, I think a server role for a VPN server makes perfect sense. With progress already being made in monitoring such a role from Cockpit, I think selecting OpenConnect as the VPN server (at least for SSL VPNs) makes good sense. @nmav If you're interested in this, I'd be happy to assist you with building this as a server role. Please open an RFE at https://github.com/libre-server/rolekit/issues/ and we'll work on it there. |
| <html> | ||
|
|
||
| <head> | ||
| <title>OpenConnect VPN</title> |
There was a problem hiding this comment.
This should have the attribute translatable=yes.
|
Agree with @dperpeet, that this needs to update itself as things change on the server. The user should never have to refresh cockpit (unless they're changing the code). |
| } | ||
|
|
||
| $("#users_table").append('<tr><td class="ocserv-users-id">' + Object.ID + '</td>' + | ||
| '<td class="ocserv-users-name">' + Object.Username + '</td>' + |
There was a problem hiding this comment.
This is a XSS security vulnerability. A user could have HTML in their name, and it would be interpretted here, including scripts and javascript. Please use Mustache instead or use jQuery text() function to prevent parsing data as HTML.
It displays basic information on the logged in clients in openconnect VPN server. This is an early version released as a request for comments.
Currently none. That will have to work with polling initially (I'd appreciate any hints for that) and be revised when there is a mechanism to receive events from server.
Yes ocserv could run from a container. At least if IPv6 functionality isn't needed (I haven't managed to use IPv6 with docker). Other than that, ocserv's test suite is based on docker.
Thanks, will do.
I'll try to understand how to do that. |
|
@nmav I imagine things have been busy? I hope it's okay if we move this proof of concept into the cockpit "examples" directory, until such a time as it gets picked up again? |
This is a pull request that sat around for many months in the cockpit project without being completed. In particular in needs some way to determine when the state changes in ocserv, so that the UI can be updated. When that is available this can be taken out of the examples/ directory and turned into a real cockpit package. Closes cockpit-project#3398 Closes cockpit-project#2550
|
@stefwalter I could not understand how to do the requested changes and given up; sorry. I may be able to revive it at some point in the future. |
It displays basic information on the logged in clients in openconnect
VPN server. This is an early version released as a request for comments.