strongSwan on Maemo (Nokia N900)

Two packages have been uploaded to the Extras repository which hosts software for Maemo 5 driven devices (e.g. the Nokia N900).

Both packages are currently available in the extras/testing repository. If you read this, please test the packages and vote for them accordingly, to promote them to the Extras repository.

The stock N900 kernel currently does not provide the required IPsec kernel modules. Installing the kernel-power package is required to use strongSwan.

Package: strongswan

This package contains the IKEv2 daemon charon, the ipsec script, starter and all the required libraries. It also contains the old IKEv1 daemon pluto.

Configuration can be done as usual via /etc/ipsec.conf. To edit this file and to initiate the connections with the ipsec script, the rootsh package is required.

Package: strongswan-applet

This package contains two graphical widgets which allow to easily configure and initiate IKEv2 connections. Currently only EAP authentication (username/password) is supported.

Compatible gateway configurations can be found in the Windows 7 how-tos: Gateway Configuration.

The connections can be configured in the strongSwan VPN applet that is located in the default settings application.
As can be seen in the following screenshot the configuration is rather simple.

Screenshot of the settings widget

  • Name: An arbitrary name, so the connection can easily be identified
  • Host: The hostname or IP address of the gateway. This value has to be confirmed by the server's certificate either as DN or subjectAltName.
  • Certificate (optional): This is either the server certificate or the certificate of the CA which issued the server certificate.
    If no certificate is selected, the system wide certificate store is used to validate the server certificate.
  • Username: The username to be used during authentication

To initiate the configured connections a status bar applet is provided.

Screenshot of the status bar applet Screenshot of the status bar applet after the connection has been established

Clicking on the strongSwan VPN button in the status bar allows the user to select one of the configured connections and then, after typing in the password, to initiate it.
After the connection has been established successfully the icon and button text changes (see right image) and a subsequent click on the button allows the user to terminate the connection.

settings.png - Screenshot of the settings widget (46.2 KB) Tobias Brunner, 10.02.2011 18:04

status.png - Screenshot of the status bar applet (55.4 KB) Tobias Brunner, 10.02.2011 18:39

status-connected.png - Screenshot of the status bar applet after the connection has been established (55.6 KB) Tobias Brunner, 10.02.2011 18:53