Re: Generic IPSEC vpn plugin



On Tue, 7 Apr 2009, Peter Robinson wrote:

Openswan has a GSoC project submission for this. One of the issues is
the architecture of NM, which focusses on user-based, and the
architecture of ipsec, which is host-based. This creates some issues,
one of which is where and how to store and pass user/host credentials.

Well an ipsec vpn can be either a site-to-site tunnel which is system
wide, but it can also be client side which is just like vpnc or any of
the other current vpn ones which would be user based. I wouldn't have
thought it would be any different to the issues that were had with the
system wide ethernet vs bringing it up on login.

There is only one ethernet. There can be many tunnels, some might even
conflict between users who are logged in. Also, ethernet has no credentials,
while for IPsec and L2TP you are talking about X.509 certificates, PSKs,
usernames and passwords. Openswan, xl2tpd and NM need to agree on where
this information is stored, and they all have their own methods now, and
now everything can be passed via the commandline.

By next week we should know if this project is starting. We did get a
few applications for this.

Awesome! Out of interest is there a list of the network manager gsoc
stuff for NetworkManager? Feel free to add me to the testing list. I
have access through my job for testing of either site-to-site or
client side IPSEC with cisco PIX, cisco IOS, Alteon VPN concentrator,
juniper netscreen, fortigate and checkpoint firewalls. That probably
covers most of the enterprise stuff out there.

We're hanging out on freenode at #xelerance-gsoc

Paul

