- The fields in the dictionary Parameters have changed to support split tunnel VPN function.
- The original proposal used an integer handle to identify configurations. It is changed to string identifiers to support GUIDs in the future.
- New signals are added to support UI and allow the future addition of policy support for VPN clients.
- The enum VpnConnectionState is trimmed down to the needed states alone.
Full Diff in the IDL since the beginning
Saswat Panigrahi | Product Manager - Chrome for Work | sas...@google.com
- // The enum is used by the platform to notify the client of - // connection and network related status. - // TODO: Document the messages + // The enum is used by the platform to notify the client of the VPN session + // status. enum PlatformMessage { connected, disconnected, - underlyingNetworkDisconnected, error };
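Review bot: The TODO to document the messages is dropped in the PlatformMessage comment, but the replacement text ("notify the client of the VPN session status") still does not say what each value means or when the platform sends it. With underlyingNetworkDisconnected removed from the enum, the comment should state whether a loss of the underlying network is now reported as disconnected or as error, or not reported at all, so that a client knows which value to handle for that case. A one-line description per enum value would resolve the TODO rather than just deleting it.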
I created CL https://codereview.chromium.org/1020433002/ for updating the documentation and switching the flag to stable.
There are a number of security-related comments on the design doc that were never resolved. Can you please update the design doc with any changes that were made, respond to the comments, and/or resolve the comments?
Thanks Prabhu. There are still some open questions in the doc at the bottom (quoted here), can you tell me what you ended up doing?

General Comments and Observations
The current VPN proposal expects the user to initiate the VPN connection via an appropriate UI. This ensures that an evil VPN is not allowed to auto-install and redirect all the network traffic to it. Though this is relatively secure, the following usability-related questions remain open.
Should the user initiate the connection every time or can he ask the platform to auto-connect in subsequent user logins?
Do we allow admins to force install a VPN extension and initiate the connection automatically?
Some URLs may need to be accessed with and without VPN, for example request to DM server should probably tried
LGTM

By the way, could someone on your team take a look at https://code.google.com/p/chromium/issues/detail?id=369838? Right now, there is no notification when a VPN connection drops. A user might therefore continue accessing HTTP traffic over an insecure network, thinking they are protected by a VPN. I imagine that addressing this would be useful both for first-party VPN and third-party VPN. The bug has been stale since May 2014.