--- I'm migrating our strongSwan VPN plugin [1] to NetworkManager 0.9. We use the native Linux IPsec stack. It doesn't use any tundev or ipsec network devices, but handles encryption transparently in the networking stack.
Unfortunately, the new release (d2d1f2e9, actually) explicitly requires a tunnel device, making the Linux XFRM IPsec stack unusable with NetworkManager. The trick I used previously by passing an invalid device does not work anymore. The patch below leverages the requirements for a VPN specific device. It works fine here, but I'm not sure if it is the best way to handle VPN connections without a networking device. Best regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=tree;f=src/frontends/gnome src/vpn-manager/nm-vpn-connection.c | 19 +++++++------------ 1 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c index 75ba645..e278266 100644 --- a/src/vpn-manager/nm-vpn-connection.c +++ b/src/vpn-manager/nm-vpn-connection.c @@ -419,18 +419,12 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy, config = nm_ip4_config_new (); val = (GValue *) g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV); - if (val) + if (val) { priv->ip_iface = g_strdup (g_value_get_string (val)); - else { - nm_log_err (LOGD_VPN, "invalid or missing tunnel device received!"); - goto error; - } - - /* Grab the interface index for address/routing operations */ - priv->ip_ifindex = nm_netlink_iface_to_index (priv->ip_iface); - if (!priv->ip_ifindex) { - nm_log_err (LOGD_VPN, "(%s): failed to look up VPN interface index", priv->ip_iface); - goto error; + /* Grab the interface index for address/routing operations */ + priv->ip_ifindex = nm_netlink_iface_to_index (priv->ip_iface); + if (!priv->ip_ifindex) + nm_log_err (LOGD_VPN, "(%s): failed to look up VPN interface index", priv->ip_iface); } addr = nm_ip4_address_new (); @@ -540,7 +534,8 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy, nm_system_iface_set_up (priv->ip_ifindex, TRUE, NULL); - if (nm_system_apply_ip4_config (priv->ip_ifindex, config, 0, NM_IP4_COMPARE_FLAG_ALL)) { + if (priv->ip_ifindex == 0 || + nm_system_apply_ip4_config (priv->ip_ifindex, config, 0, NM_IP4_COMPARE_FLAG_ALL)) { NMDnsManager *dns_mgr; /* Add any explicit route to the VPN gateway through the parent device */ -- 1.7.5.4 _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
