4 files changed, 41 insertions, 23 deletions
diff --git a/src/leap/bitmask/vpn/process.py b/src/leap/bitmask/vpn/process.py
index 9b235260..3de652ff 100644
--- a/src/leap/bitmask/vpn/process.py
+++ b/src/leap/bitmask/vpn/process.py
@@ -138,7 +138,6 @@ class _VPNProcess(protocol.ProcessProtocol, _management.VPNManagement):
             if 'SIGTERM[soft,ping-restart]' in line:
                 self.restarting = True
             self.log.info(line)
-            # self._status.watch(line)
 
     def processExited(self, failure):
         """
diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py
index a792d1e6..fc39bcc8 100644
--- a/src/leap/bitmask/vpn/service.py
+++ b/src/leap/bitmask/vpn/service.py
@@ -26,7 +26,7 @@ from time import strftime
 from twisted.internet import defer
 
 from leap.bitmask.hooks import HookableService
-from leap.bitmask.vpn.vpn import VPNManager
+from leap.bitmask.vpn.tunnelmanager import TunnelManager
 from leap.bitmask.vpn._checks import is_service_ready, get_vpn_cert_path
 from leap.bitmask.vpn import privilege, helpers
 from leap.bitmask.vpn.privilege import NoPolkitAuthAgentAvailable
@@ -53,7 +53,7 @@ class VPNService(HookableService):
         super(VPNService, self).__init__()
 
         self._started = False
-        self._vpn = None
+        self._tunnelmanager = None
         self._domain = ''
 
         if basepath is None:
@@ -87,7 +87,7 @@ class VPNService(HookableService):
         yield self._setup(domain)
 
         try:
-            started = self._vpn.start()
+            started = self._tunnelmanager.start()
 
         # XXX capture it inside start method
         # here I'd like to get (status, message)
@@ -108,15 +108,15 @@ class VPNService(HookableService):
         # TODO -----------------------------
         # when shutting down the main bitmaskd daemon, this should be called.
 
-        if not self._vpn:
+        if not self._tunnelmanager:
             raise Exception('VPN was not running')
 
         if self._started:
-            self._vpn.stop()
+            self._tunnelmanager.stop()
             self._started = False
             return {'result': 'vpn stopped'}
-        elif self._vpn.is_firewall_up():
-            self._vpn.stop_firewall()
+        elif self._tunnelmanager.is_firewall_up():
+            self._tunnelmanager.stop_firewall()
             return {'result': 'firewall stopped'}
         else:
             raise Exception('VPN was not running')
@@ -128,8 +128,8 @@ class VPNService(HookableService):
             'childrenStatus': {}
         }
 
-        if self._vpn:
-            status = self._vpn.get_status()
+        if self._tunnelmanager:
+            status = self._tunnelmanager.get_status()
 
         if self._domain:
             status['domain'] = self._domain
@@ -179,7 +179,7 @@ class VPNService(HookableService):
 
     @defer.inlineCallbacks
     def _setup(self, provider):
-        """Set up VPNManager for a specified provider.
+        """Set up TunnelManager for a specified provider.
 
         :param provider: the provider to use, e.g. 'demo.bitmask.net'
         :type provider: str"""
@@ -203,8 +203,8 @@ class VPNService(HookableService):
                 'Cannot find provider certificate. '
                 'Please configure provider.')
 
-        self._vpn = VPNManager(provider, remotes, cert_path, key_path, ca_path,
-                               extra_flags)
+        self._tunnelmanager = TunnelManager(
+            provider, remotes, cert_path, key_path, ca_path, extra_flags)
 
     def _cert_expires(self, provider):
         path = os.path.join(self._basepath, "leap", "providers", provider,
diff --git a/src/leap/bitmask/vpn/manager.py b/src/leap/bitmask/vpn/tunnel.py
index 2b113a75..4236edf5 100644
--- a/src/leap/bitmask/vpn/manager.py
+++ b/src/leap/bitmask/vpn/tunnel.py
@@ -16,7 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 """
-VPN Manager
+VPN Tunnel.
 """
 
 import os
@@ -27,10 +27,20 @@ from ._config import _TempVPNConfig, _TempProviderConfig
 from .constants import IS_WIN
 
 
-# TODO this is very badly named. There is another class that is called manager.
-# TODO Call it Tunnel? Tunnel = vpn + firewall
+# TODO refactor - this class is still a very light proxy around the
+# underlying VPNControl. The main methods here are start/stop, so this
+# looks like it could better use the Service interface.
+# TODO gateway selection should be done in this class.
+# TODO DO NOT pass VPNConfig/ProviderConfig beyond this class.
+# TODO split sync/async vpn control mechanisms.
 
-class TunnelManager(object):
+
+class VPNTunnel(object):
+
+    """
+    A VPN Tunnel holds the configuration for a VPN connection, and allows to
+    control that connection.
+    """
 
     def __init__(self, provider, remotes, cert_path, key_path, ca_path,
                  extra_flags):
@@ -52,6 +62,7 @@ class TunnelManager(object):
         self._providerconfig = _TempProviderConfig(provider, ca_path)
 
         host, port = self._get_management_location()
+
         self._vpn = VPNControl(remotes=remotes,
                                vpnconfig=self._vpnconfig,
                                providerconfig=self._providerconfig,
diff --git a/src/leap/bitmask/vpn/vpn.py b/src/leap/bitmask/vpn/tunnelmanager.py
index 23f0a582..5faac662 100644
--- a/src/leap/bitmask/vpn/vpn.py
+++ b/src/leap/bitmask/vpn/tunnelmanager.py
@@ -19,15 +19,23 @@
 from colorama import Fore
 
 from leap.bitmask.util import merge_status
-from leap.bitmask.vpn.manager import TunnelManager
+
 from leap.bitmask.vpn.fw.firewall import FirewallManager
+from leap.bitmask.vpn.tunnel import VPNTunnel
+
+
+# TODO further refactor pending: merge with VPNService?
+
 
+class TunnelManager(object):
 
-class VPNManager(object):
+    """
+    A TunnelManager controls VPN and Firewall
+    """
 
     def __init__(self, provider, remotes, cert, key, ca, flags):
 
-        self._vpn = TunnelManager(
+        self._vpntunnel = VPNTunnel(
             provider, remotes, cert, key, ca, flags)
         self._firewall = FirewallManager(remotes)
         self.starting = False
@@ -45,7 +53,7 @@ class VPNManager(object):
         print(Fore.GREEN + "Firewall: started" + Fore.RESET)
 
         try:
-            vpn_ok = self._vpn.start()
+            vpn_ok = self._vpntunnel.start()
         except Exception:
             self.starting = False
             return False
@@ -71,7 +79,7 @@ class VPNManager(object):
         print(Fore.GREEN + "Firewall: stopped." + Fore.RESET)
         print(Fore.BLUE + "VPN: stopping..." + Fore.RESET)
 
-        vpn_ok = self._vpn.stop()
+        vpn_ok = self._vpntunnel.stop()
         if not vpn_ok:
             print (Fore.RED + "VPN: Error stopping." + Fore.RESET)
             return False
@@ -87,7 +95,7 @@ class VPNManager(object):
 
     def get_status(self):
         childrenStatus = {
-            "vpn": self._vpn.status,
+            "vpn": self._vpntunnel.status,
             "firewall": self._firewall.status
         }
         if self.starting: