strongSwan on Maemo (Nokia N900)¶
Both packages are currently available in the extras/testing repository. If you read this, please test the packages and vote for them accordingly, to promote them to the Extras repository.
The stock N900 kernel currently does not provide the required IPsec kernel modules. Installing the kernel-power package is required to use strongSwan.
This package contains the IKEv2 daemon charon, the ipsec script, starter and all the required libraries. It also contains the old IKEv1 daemon pluto.
This package contains two graphical widgets which allow to easily configure and initiate IKEv2 connections. Currently only EAP authentication (username/password) is supported.
The connections can be configured in the strongSwan VPN applet that is located in the default settings application.
As can be seen in the following screenshot the configuration is rather simple.
- Name: An arbitrary name, so the connection can easily be identified
- Host: The hostname or IP address of the gateway. This value has to be confirmed by the server's certificate either as DN or subjectAltName.
- Certificate (optional): This is either the server certificate or the certificate of the CA which issued the server certificate.
If no certificate is selected, the system wide certificate store is used to validate the server certificate.
- Username: The username to be used during authentication
To initiate the configured connections a status bar applet is provided.
Clicking on the strongSwan VPN button in the status bar allows the user to select one of the configured connections and then, after typing in the password, to initiate it.
After the connection has been established successfully the icon and button text changes (see right image) and a subsequent click on the button allows the user to terminate the connection.