NetworkManager » History » Version 8

Martin Willi, 21.08.2008 23:09
cosmetics

= !NetworkManager =

[http://www.gnome.org/projects/NetworkManager/ NetworkManager] allows configuration and control of VPN daemons through a plugin interface. We provide such a plugin for !NetworkManager to configure road warrior clients for the most common setups.

!NetworkManager uses D-Bus to communicate with a plugin loaded by the IKEv2 charon daemon.

== Dependencies ==

The strongSwan extensions are written for !NetworkManager 0.7, so you will need at least SVN !r3925. Compile it from source or, as an Ubuntu user, use the [https://launchpad.net/~network-manager/+archive available PPA]:
{{{
# run as root: add the NetworkManager PPA for Ubuntu hardy
echo "deb http://ppa.launchpad.net/network-manager/ubuntu hardy main" >> /etc/apt/sources.list
aptitude update
aptitude upgrade
aptitude install network-manager-dev libnm-util-dev libnm-glib-dev libgnomeui-dev # and everything I missed
}}}

== Compilation ==

NM integration works only for IKEv2, but this allows us to disable a lot of FreeS/WAN legacy stuff. Since OpenSSL is installed on a desktop anyway, we use libcrypto for all cryptographic operations:
{{{
# get strongswan SVN
svn co http://www.strongswan.org/ikev2/trunk strongswan
cd strongswan

# build charon with OpenSSL/NM Plugin
./autogen.sh
./configure --disable-aes --disable-des --disable-md5 --disable-sha1 --disable-sha2 \
    --disable-fips-prf --disable-gmp --disable-stroke --disable-pluto --disable-tools \
    --disable-updown --enable-openssl --enable-nm \
    --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib
make
make install

# build NetworkManager's strongSwan plugin
cd src/charon/plugins/nm/gnome
./autogen.sh --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib
make
make install
}}}

The NM plugin is designed to interoperate nicely with [wiki:EAP-GTC] authentication, which allows you to authenticate against a PAM service on your VPN gateway with username/password. Don't worry - this is still secure, because the gateway has to prove its identity first, before the user credentials are transmitted. To enable the module, add
{{{
--enable-eap-gtc
}}}
to your strongSwan configure options.

== Configuration ==

 * Click on nm-applet -> VPN Connections -> Configure VPN...
 * Add -> Ipsec/Ikev2 (strongswan) -> Create ...
 * Configure your client
 * Click on nm-applet -> VPN Connections -> Your Connection
 * Enter password

== Screenshots ==

[[Image(nm-strongswan-config.png, nolink)]][[Image(nm-strongswan-auth.png, nolink)]]