Dominique Leuenberger
2a0c595685
- Update to version 1.6.3: + Fix configure/linker issue when not using GNU libtool + Update URL in metainfo - Changes from version 1.6.2: + Add support to configure local and remote traffic selectors - Changes from version 1.6.1: + Migrated from intltool to gettext + Remove dependency on gnome-common - Drop intltool BuildRequires: no longer needed (forwarded request 1308659 from dimstar) OBS-URL: https://build.opensuse.org/request/show/1308777 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/NetworkManager-strongswan?expand=0&rev=28
NetworkManager allows configuration and control of VPN daemons through a plugin interface. We provide such a plugin for NetworkManager to configure road warrior clients for the most common setups. NetworkManager uses DBUS to communicate with a plugin loaded by the IKEv2 charon daemon. The plugin uses a certificate for gateway authentication and supports EAP and RSA authentication for client authentication. PSK is not supported, as it is considered insecure if the secrets are not strong enough. You can use any password based EAP method supported by strongSwan (MD5/GTC/MSCHAPv2) or private key authentication. Private keys are either stored in a file or accessed through your ready-to-use ssh-agent. You'll need a certificate matching that key. Starting with strongSwan 4.4.2 / NetworkManager-strongswan 1.2.0, private keys and certificates on a smartcard can be used. If you configure the gateway certificate directly on the clients, there are no requirements to the certificate. If you deploy CA certificates (supported in 4.3.1+), the gateway certificate will need a subjectAltName including the Hostname of the gateway (the same you enter in the clients configuration). Starting with version 4.3.5, you can also use preinstalled root CA certificates of your distribution, using the --with-nm-ca-dir configure option. Just don't specify any gateway/CA certificate to use preinstalled root certificates. CA certificates on a smartcard are automatically used.