OoO On this cloudy night of Friday, May 23, 2008, around 00:20, Dan Williams <[EMAIL PROTECTED]> said:
>> L2TP/IPsec becomes a popular choice for setting up VPN. Security is greater
>> than PPTP solutions and clients are included in Windows and Mac OS X.
>> Unfortunately, this is quite difficult to set up on Linux. Having a plugin
>> for network-manager will be great.

> So we need a few things from openswan. The first is to either accept
> command-line arguments for configuration, or to accept configuration
> from stdin and not from a file. There's quite a few reasons why we
> shouldn't be writing out a config file, and there's more reasons why we
> shouldn't be pointing openswan at an existing config file.

Well, this would be a bit difficult. There are other IKE daemons that may be
configured this way:

 - isakmpd from OpenBSD accepts being entirely configured using a named pipe
 - iked from Shrew Soft VPN client has an IKE daemon that also accepts
   being configured in a similar way

I will test if one of them is able to establish a proper IPsec tunnel
suitable for L2TP/IPsec.

>> - setup L2TP part with xl2tpd (which needs ppp)

> Hmm, we'll need to control xl2tpd then too, but we'll need to be able to
> tell it what options to pass to pppd, not give it a config file. We
> also need to be able to feed secrets to it over stdin or via a plugin if
> possible. This is what's done for pppd, since pppd allows plugins to
> handle the authentication.

xl2tpd can either use a plugin for pppd and do the authentication itself
or just let pppd do the authentication. So the actual plugin for pppd will
do the trick.

Concerning pppd options, unfortunately, xl2tpd seems to have no other
option than to pass a file to pppd.

> The problem with config files is that we'd be writing them out every
> time we launch the daemon, because the VPN settings come from a variety
> of sources. They are pulled from the user's session store (GConf on
> Gnome) or from system settings, they don't get stored in the native
> daemon's config files.

Can't we write temporary files?
xl2tpd accepts any configuration file.

Thanks for your insight!
-- 
BOFH excuse #63:
not properly grounded, please bury computer
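
Added example, not part of the original message or of any project named in it: if the temporary-file route raised above is taken, a C helper like this one writes the per-connection configuration to a file with an unpredictable name that only the owner can read, and leaves nothing on disk when it fails. The function name, the `/tmp` path and the sample section are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Creates a 0600 file from a mkstemp() template and writes `contents` to it.
 * `path_tmpl` must end in "XXXXXX"; on success it holds the real path.
 * Returns 0 on success, -1 on error (nothing is left on disk). */
int write_private_config(char *path_tmpl, const char *contents)
{
    mode_t old = umask(077);      /* no group/other bits, whatever libc does */
    int fd = mkstemp(path_tmpl);  /* exclusive create, unpredictable name */
    umask(old);
    if (fd < 0)
        return -1;
    size_t left = strlen(contents);
    const char *p = contents;
    while (left > 0) {            /* write() may be short or interrupted */
        ssize_t n = write(fd, p, left);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            goto fail;
        }
        p += n;
        left -= (size_t)n;
    }
    if (fsync(fd) != 0)
        goto fail;
    if (close(fd) != 0) { fd = -1; goto fail; }
    return 0;
fail:
    if (fd >= 0) close(fd);
    unlink(path_tmpl);            /* never leave a partial secret behind */
    return -1;
}

int main(void)
{
    /* Constructed sample: directory, file name and section are placeholders. */
    char path[] = "/tmp/nm-l2tp-XXXXXX";
    if (write_private_config(path, "[lac example]\nlns = 192.0.2.1\n") != 0)
        return 1;
    /* A caller would start the daemon with this path, then remove the file. */
    return unlink(path) == 0 ? 0 : 1;
}
```

The file still exists for as long as the daemon needs to read it, so the caller is responsible for unlinking it afterwards and for choosing a directory other users cannot write to.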
