Bug#529618: network-manager-vpnc: Support for vpnc+OpenSSL

Jö Fahlke Wed, 20 May 2009 08:23:43 -0700

Package: network-manager-vpnc
Version: 0.7.1-1
Severity: wishlist

Hi!


I'd like to have support in NetworkManager for vpnc compiled against OpenSSL
(thats what I have to use for the cisco-vpn of my university if I want to
check the identity of the vpn server).

For this to work, network-manager-vpnc needs to set 2 more options in the vpnc
configuration: IKE Authmode and CA-File.  The attached patch allows
NetworkManager to do just that.  Note that

a) There is currently no support from the UI so you have to set those options
   using gconf-editor (look for your vpn conncetion in
   /system/networking/connections/*, and dont get fooled by anything inside
   /system/networking/vpn-connections, that seems to be obsolete).

b) Although the interface and the routes were set up correctly with this
   patch, I could not successfully ping anything -- there seems to be
   something missing.  If anyone can figure out what it is I would be glad to
   hear about it.

Thanks,
Jö.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-1-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages network-manager-vpnc depends on:
ii  libc6                    2.9-4           GNU C Library: Shared libraries
ii  libdbus-1-3              1.2.12-1        simple interprocess messaging syst
ii  libdbus-glib-1-2         0.80-4          simple interprocess messaging syst
ii  libglib2.0-0             2.20.0-2        The GLib library of C routines
ii  libnm-glib-vpn0          0.7.1-1         network management framework (GLib
ii  libnm-glib0              0.7.1-1         network management framework (GLib
ii  libnm-util1              0.7.1-1         network management framework (shar
ii  vpnc                     0.5.3-1+~ossl.1 Cisco-compatible VPN client

network-manager-vpnc recommends no packages.

network-manager-vpnc suggests no packages.

-- no debconf information

-- 
Cernlib: turns your plain old PC into a quantum computer.

Index: network-manager-vpnc-0.7.1/src/nm-vpnc-service.c
===================================================================
--- network-manager-vpnc-0.7.1.orig/src/nm-vpnc-service.c	2009-05-19 17:02:27.000000000 +0200
+++ network-manager-vpnc-0.7.1/src/nm-vpnc-service.c	2009-05-19 17:02:33.000000000 +0200
@@ -66,6 +66,7 @@
 	{ NM_VPNC_KEY_ID,                    G_TYPE_STRING, 0, 0 },
 	{ NM_VPNC_KEY_XAUTH_USER,            G_TYPE_STRING, 0, 0 },
 	{ NM_VPNC_KEY_DOMAIN,                G_TYPE_STRING, 0, 0 },
+	{ NM_VPNC_KEY_AUTHMODE,              G_TYPE_STRING, 0, 0 },
 	{ NM_VPNC_KEY_DHGROUP,               G_TYPE_STRING, 0, 0 },
 	{ NM_VPNC_KEY_PERFECT_FORWARD,       G_TYPE_STRING, 0, 0 },
 	{ NM_VPNC_KEY_APP_VERSION,           G_TYPE_STRING, 0, 0 },
@@ -79,6 +80,7 @@
 	{ NM_VPNC_KEY_XAUTH_PASSWORD_TYPE,   G_TYPE_NONE, 0, 0 },
 	/* Legacy options that are ignored */
 	{ LEGACY_NAT_KEEPALIVE,              G_TYPE_STRING, 0, 0 },
+	{ NM_VPNC_KEY_CA_FILE,               G_TYPE_STRING, 0, 0 },
 	{ NULL,                              G_TYPE_NONE, 0, 0 }
 };
 
Index: network-manager-vpnc-0.7.1/src/nm-vpnc-service.h
===================================================================
--- network-manager-vpnc-0.7.1.orig/src/nm-vpnc-service.h	2009-05-19 17:02:27.000000000 +0200
+++ network-manager-vpnc-0.7.1/src/nm-vpnc-service.h	2009-05-19 17:02:33.000000000 +0200
@@ -45,6 +45,7 @@
 #define NM_VPNC_KEY_XAUTH_PASSWORD "Xauth password"
 #define NM_VPNC_KEY_XAUTH_PASSWORD_TYPE "xauth-password-type"
 #define NM_VPNC_KEY_DOMAIN "Domain"
+#define NM_VPNC_KEY_AUTHMODE "IKE Authmode"
 #define NM_VPNC_KEY_DHGROUP "IKE DH Group"
 #define NM_VPNC_KEY_PERFECT_FORWARD "Perfect Forward Secrecy"
 #define NM_VPNC_KEY_APP_VERSION "Application Version"
@@ -53,6 +54,7 @@
 #define NM_VPNC_KEY_NAT_TRAVERSAL_MODE "NAT Traversal Mode"
 #define NM_VPNC_KEY_DPD_IDLE_TIMEOUT "DPD idle timeout (our side)"
 #define NM_VPNC_KEY_CISCO_UDP_ENCAPS_PORT "Cisco UDP Encapsulation Port"
+#define NM_VPNC_KEY_CA_FILE "CA-File"
 
 #define NM_VPNC_NATT_MODE_NATT "natt"
 #define NM_VPNC_NATT_MODE_NONE "none"

signature.asc
Description: Digital signature

Bug#529618: network-manager-vpnc: Support for vpnc+OpenSSL

Reply via email to