Package: strongswan
Version: 5.0.4-3
Severity: wishlist
Tags: upstream
This is not so much a tweak but potentially a requirement to rewrite the
Gnome Network Manager plugin or create an alternative plugin with a
different approach to managing the IPsec connections.
The current plugin for Network Manager ignores all the settings in
/etc/ipsec.conf and requires the user to set up the connections manually
within a GUI. The GUI is very basic and does not give access to many
StrongSWAN features. Even IPv6 support appears to be missing from the GUI.
There are probably two approaches:
a) extend the GUI to support all the features that are permitted in
ipsec.conf, starting with basic things like IPv6
b) abolish the GUI configuration - the Network Manager plugin (or just a
standard tray applet perhaps) could be created that simply allows the
user to start and stop connections that are already defined in
/etc/ipsec.conf
Personally I feel that (b) is the better strategy.
Managed deployments of road warriors would probably get a lot of benefit
from (b). The users need to be able to see if their VPN is active or
not and maybe start it on demand from their desktop GUI. All the setup
should be done centrally by an administrator in the normal ipsec.conf
and deployed to all laptops (maybe using something like Puppet). If auto
start is enabled, it should probably start even if no user is logged in
and network manager is not running but when the user does log in, they
should be able to see if their VPN is up, start it or stop it, etc.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org