pool/NetworkManager-strongswan
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11 Commits 1 Branch 0 Tags 107 KiB
Standard ML 100%
4205bd65b7
Go to file
Bjørn Lie 4205bd65b7 Accepting request 311401 from home:dimstar:branches:GNOME:Factory 
- Drop the sed hack to fix bnc#824079: since verson 1.3.1, the
  charon binary to be found is already called charon-nm by
  upstream (boo#934129).
- Clean out conditions for legacy openSUSE versions: we will always
  require strongswan > 5 as a consequence (which is correct, as
  that's when charon-nm was introduced).

OBS-URL: https://build.opensuse.org/request/show/311401
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/NetworkManager-strongswan?expand=0&rev=14
2015-06-10 10:57:48 +00:00
.gitattributes Accepting request 53752 from home:BinLi:branches:GNOME:Factory 2010-12-06 13:44:14 +00:00
.gitignore Accepting request 53752 from home:BinLi:branches:GNOME:Factory 2010-12-06 13:44:14 +00:00
NetworkManager-strongswan-1.3.1.tar.bz2 Accepting request 231381 from home:dimstar:branches:GNOME:Factory 2014-04-25 17:24:59 +00:00
NetworkManager-strongswan.changes Accepting request 311401 from home:dimstar:branches:GNOME:Factory 2015-06-10 10:57:48 +00:00
NetworkManager-strongswan.spec Accepting request 311401 from home:dimstar:branches:GNOME:Factory 2015-06-10 10:57:48 +00:00
nm-strongswan-service-conf.patch Accepting request 53752 from home:BinLi:branches:GNOME:Factory 2010-12-06 13:44:14 +00:00
README Accepting request 53752 from home:BinLi:branches:GNOME:Factory 2010-12-06 13:44:14 +00:00

README 

NetworkManager allows configuration and control of VPN daemons through
a plugin interface.
We provide such a plugin for NetworkManager to configure road warrior
clients for the most common setups.

NetworkManager uses DBUS to communicate with a plugin loaded by the
IKEv2 charon daemon.

The plugin uses a certificate for gateway authentication and supports
EAP and RSA authentication for client authentication.
PSK is not supported, as it is considered insecure if the secrets are
not strong enough.

You can use any password based EAP method supported by strongSwan
(MD5/GTC/MSCHAPv2) or private key authentication. Private keys are
either stored in a file or accessed through your ready-to-use ssh-agent.
You'll need a certificate matching that key.
Starting with strongSwan 4.4.2 / NetworkManager-strongswan 1.2.0,
private keys and certificates on a smartcard can be used.

If you configure the gateway certificate directly on the clients, there
are no requirements to the certificate. If you deploy CA certificates
(supported in 4.3.1+), the gateway certificate will need a subjectAltName
including the Hostname of the gateway (the same you enter in the clients
configuration). Starting with version 4.3.5, you can also use preinstalled
root CA certificates of your distribution, using the --with-nm-ca-dir
configure option. Just don't specify any gateway/CA certificate to use
preinstalled root certificates.
CA certificates on a smartcard are automatically used.