strongSwan IKEv2/IPsec VPN plugin

[Martin Willi <martin strongswan org>]

Hi,

I've created a VPN plugin for strongSwan, a complete IPsec solution for
the native Linux IPsec stack.

It takes a slightly different approach than the other VPN daemons. The
DBUS interface is integrated directly in our IKEv2 daemon through a
plugin.

The plugins are not complete, but ready for broader testing. I've kept
everything as simple as possible for the user:

- Certificate based Gateway authentication
- PSK or EAP based user authentication
- Password auth-dialog with keyring support

Planned features:

- Private key user authentication
- Configuration Import/Export
- Translation stuff

I've created a page [1] on the strongSwan Wiki about setup and
configuration (including screenshots).


Questions:

1. The source is currently in the strongSwan SVN [2]. I think this makes
sense for the strongSwan plugin with the DBUS interface, as it is more
integrated in strongSwan than in NM. But it might make sense to push the
configuration widget and auth-dialog [3] to the NM SVN, as they have no
dependency to strongSwan. What do you think?
I could create a proper patch for NM then.

2. I've tried to use nm_vpn_plugin_failure() to notify NM about
connection/authentication errors [4], but it ignores these messages.
I've seen that the other daemons use direct DBUS method invocations to
indicate errors. Is it possible/meant to use the nm_vpn_plugin class to
signal error conditions?

Best regards
Martin

[1]http://trac.strongswan.org/wiki/NetworkManager
[2]http://trac.strongswan.org/browser/trunk/src/charon/plugins/nm
[3]http://trac.strongswan.org/browser/trunk/src/charon/plugins/nm/gnome
[4]http://trac.strongswan.org/browser/trunk/src/charon/plugins/nm/nm_service.c#L145