adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

dissociate authentication - tunnel #791

Open DimitriPapadopoulos opened 4 years ago

DimitriPapadopoulos commented 4 years ago

We should probably dissociate these two steps:

  1. Authentication: users send credentials to the portal and receive a cookie.
  2. The above cookie can be used to restart the tunnel multiple times.

Step 1 should not need root privileges as far as I can see but often requires user interaction. Step 2 can run in the background or even be implemented as a daemon. Root privileges are required to modify routing and DNS parameters, unless perhaps interfaced with systemd and/or NetworkManager.

mrbaseman commented 4 years ago

Sounds good to me. Maybe we should start one or more separate branches for larger changes like this. Moving the routing to an external script (which might be a basis for much easier implementation of IPv6 support) would be another piece which I would see for a 2.0 release. The separation of authentication and tunnel establishment might not be that big a change, but it may go well along with the other more fundamental changes.