Merge branch 'nm-remote-id'
authorTobias Brunner <tobias@strongswan.org>
Fri, 14 Feb 2020 12:29:10 +0000 (13:29 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 14 Feb 2020 12:32:06 +0000 (13:32 +0100)
This adds an optional field to the NM plugin to configure the server
identity, so it can differ from the address or certificate subject,
which are used by default.

It also updates the Glade file to GTK+ 3.2.

Closes strongswan/strongswan#57.

src/charon-nm/nm/nm_service.c
src/frontends/gnome/po/de.po
src/frontends/gnome/properties/nm-strongswan-dialog.ui
src/frontends/gnome/properties/nm-strongswan.c

index 5e539b3..fcf79fa 100644 (file)
@@ -492,14 +492,6 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
                        return FALSE;
                }
                priv->creds->add_certificate(priv->creds, cert);
-
-               x509 = (x509_t*)cert;
-               if (!(x509->get_flags(x509) & X509_CA))
-               {       /* For a gateway certificate, we use the cert subject as identity. */
-                       gateway = cert->get_subject(cert);
-                       gateway = gateway->clone(gateway);
-                       DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway);
-               }
        }
        else
        {
@@ -507,16 +499,29 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
                priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
                                                                 lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
        }
-       if (!gateway)
+
+       str = nm_setting_vpn_get_data_item(vpn, "remote-identity");
+       if (str)
+       {
+               gateway = identification_create_from_string((char*)str);
+       }
+       else if (cert)
+       {
+               x509 = (x509_t*)cert;
+               if (!(x509->get_flags(x509) & X509_CA))
+               {       /* for server certificates, we use the subject as identity */
+                       gateway = cert->get_subject(cert);
+                       gateway = gateway->clone(gateway);
+               }
+       }
+       if (!gateway || gateway->get_type(gateway) == ID_ANY)
        {
-               /* If the user configured a CA certificate, we use the IP/DNS
-                * of the gateway as its identity. This identity will be used for
-                * certificate lookup and requires the configured IP/DNS to be
-                * included in the gateway certificate. */
+               /* if the user configured a CA certificate (or an invalid identity),
+                * we use the IP/hostname of the server */
                gateway = identification_create_from_string(ike.remote);
-               DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway);
                loose_gateway_id = TRUE;
        }
+       DBG1(DBG_CFG, "using gateway identity '%Y'", gateway);
 
        if (auth_class == AUTH_CLASS_EAP ||
                auth_class == AUTH_CLASS_PSK)
index 5ac8708..4159cc0 100644 (file)
@@ -1,15 +1,17 @@
 # Translations for NetworkManager-strongswan.
-# Copyright (C) 2010 Martin Willi <martin@strongswan.org>
+# Copyright (C) 2010-2019 Tobias Brunner
+# Copyright (C) 2010 Martin Willi
 # This file is distributed under the same license as the
 # NetworkManager-strongswan package.
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: NetworkManager-strongswan\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-02-23 15:27+0100\n"
-"PO-Revision-Date: 2010-02-18 09:20+0100\n"
-"Last-Translator: Martin Willi <martin@strongswan.org>\n"
-"Language-Team: de <martin@strongswan.org>\n"
+"POT-Creation-Date: 2019-12-18 17:10+0100\n"
+"PO-Revision-Date: 2019-12-18 17:10+0100\n"
+"Last-Translator: Tobias Brunner\n"
+"Language-Team: de <info@strongswan.org>\n"
 "Language: German\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -23,37 +25,37 @@ msgstr "IPsec/IKEv2 (strongswan)"
 msgid "IPsec with the IKEv2 key exchange protocol."
 msgstr "IPsec mit dem IKEv2 Protokoll."
 
-#: ../properties/nm-strongswan.c:318
+#: ../properties/nm-strongswan.c:324
 msgid "Certificate/private key"
 msgstr "Zertifikat/Privater Schlüssel"
 
-#: ../properties/nm-strongswan.c:319
+#: ../properties/nm-strongswan.c:325
 msgid "Certificate/ssh-agent"
 msgstr "Zertifikat/ssh-agent"
 
-#: ../properties/nm-strongswan.c:320
+#: ../properties/nm-strongswan.c:326
 msgid "Smartcard"
 msgstr "Smartcard"
 
-#: ../properties/nm-strongswan.c:321
+#: ../properties/nm-strongswan.c:327
 msgid "EAP"
 msgstr "EAP"
 
-#: ../properties/nm-strongswan.c:322
+#: ../properties/nm-strongswan.c:328
 msgid "Pre-shared key"
 msgstr "Pre-shared Key"
 
 #: ../properties/nm-strongswan-dialog.ui.h:1
-msgid "<b>Gateway</b>"
-msgstr "<b>Gateway</b>"
+msgid "<b>Server</b>"
+msgstr "<b>Server</b>"
 
 #: ../properties/nm-strongswan-dialog.ui.h:2
 msgid "_Address:"
 msgstr "_Adresse:"
 
 #: ../properties/nm-strongswan-dialog.ui.h:3
-msgid "An IP address or hostname the Gateway can be contacted."
-msgstr "Ein IP-Adresse oder einen Rechnernamen des Gateways."
+msgid "An IP address or hostname of the VPN server."
+msgstr "Eine IP-Adresse oder ein Hostname des VPN Servers."
 
 #: ../properties/nm-strongswan-dialog.ui.h:4
 msgid "C_ertificate:"
@@ -61,86 +63,108 @@ msgstr "Z_ertifikat:"
 
 #: ../properties/nm-strongswan-dialog.ui.h:5
 msgid ""
-"Gateway or CA certificate to use for gateway authentication. If none is "
+"Server or CA certificate to use for server authentication. If none is "
 "specified, pre-installed CA certificates are used."
 msgstr ""
-"Gateway- oder CA-Zertifikat für die Authentisierung des Gateways. Ohne "
-"Angabe eines Zertifikates werden die CA-Zertifikate des Systems verwendet."
+"Server- oder CA-Zertifikat für die Authentisierung des Servers. Ohne Angabe "
+"eines Zertifikates werden die CA-Zertifikate des Systems verwendet."
 
 #: ../properties/nm-strongswan-dialog.ui.h:6
-msgid "<b>Client</b>"
-msgstr "<b>Client</b>"
+msgid "_Identity:"
+msgstr "_Identität:"
 
 #: ../properties/nm-strongswan-dialog.ui.h:7
 msgid ""
-"Private key to use for client authentication. This key has to match the "
-"certificates public key and may be encrypted."
+"Defaults to the server address or the server certificate's subject DN (if "
+"configured). Custom values are explicitly sent to the server and enforced "
+"during authentication."
 msgstr ""
-"Privater Schlüssel für die Authentisierung des Clients. Dieser Schlüssel "
-"muss zum konfigurierten Zertifikat passen und kann verschlüsselt sein."
+"Standardwert ist die Server-Adresse oder der Inhaber DN des Server-"
+"Zertifikats (falls konfiguriert). Eigene Werte werden explizit an den Server "
+"gesendet und während der Authentifizierung erzwungen."
 
 #: ../properties/nm-strongswan-dialog.ui.h:8
-msgid "Private _key:"
-msgstr "Privater _Schlüssel:"
+msgid "(Defaults to address or certificate subject)"
+msgstr "(Standardwert ist die Adresse oder die Zertifikats-Identität)"
 
 #: ../properties/nm-strongswan-dialog.ui.h:9
-msgid "Au_thentication:"
-msgstr "Au_thentisierung:"
+msgid "<b>Client</b>"
+msgstr "<b>Client</b>"
 
 #: ../properties/nm-strongswan-dialog.ui.h:10
-msgid "_Username:"
-msgstr "_Benutzername:"
+msgid "Au_thentication:"
+msgstr "Au_thentisierung:"
 
 #: ../properties/nm-strongswan-dialog.ui.h:11
-msgid "The username (identity) to use for authentication against the gateway."
-msgstr "Benutzername/Identität für die Authentisierung gegenüber dem Gateway."
-
-#: ../properties/nm-strongswan-dialog.ui.h:12
 msgid "Ce_rtificate:"
 msgstr "Ze_rtifikat:"
 
-#: ../properties/nm-strongswan-dialog.ui.h:13
+#: ../properties/nm-strongswan-dialog.ui.h:12
 msgid "Client certificate to use for client authentication."
 msgstr "Zertifikat des Clients für dessen Authentisierung."
 
+#: ../properties/nm-strongswan-dialog.ui.h:13
+msgid "Private _key:"
+msgstr "Privater _Schlüssel:"
+
 #: ../properties/nm-strongswan-dialog.ui.h:14
+msgid ""
+"Private key to use for client authentication. This key has to match the "
+"certificates public key and may be encrypted."
+msgstr ""
+"Privater Schlüssel für die Authentisierung des Clients. Dieser Schlüssel "
+"muss zum konfigurierten Zertifikat passen und kann verschlüsselt sein."
+
+#: ../properties/nm-strongswan-dialog.ui.h:15
+msgid "_Username:"
+msgstr "_Benutzername:"
+
+#: ../properties/nm-strongswan-dialog.ui.h:16
+msgid "The username (identity) to use for authentication against the server."
+msgstr "Benutzername/Identität für die Authentisierung gegenüber dem Server."
+
+#: ../properties/nm-strongswan-dialog.ui.h:17
 msgid "_Password:"
 msgstr "_Passwort:"
 
-#: ../properties/nm-strongswan-dialog.ui.h:15
+#: ../properties/nm-strongswan-dialog.ui.h:18
 msgid ""
-"The password to use for authentication against the gateway (min. 20 "
+"The password to use for authentication against the server (min. 20 "
 "characters for PSKs)."
 msgstr ""
-"Das Passwort für die Authentisierung gegenüber dem Gateway (min. 20 Zeichen "
+"Das Passwort für die Authentisierung gegenüber dem Server (min. 20 Zeichen "
 "für PSKs)."
 
-#: ../properties/nm-strongswan-dialog.ui.h:16
+#: ../properties/nm-strongswan-dialog.ui.h:19
+msgid "(Use icon to change password storage policy)"
+msgstr "(Icon verwenden, um Passwort-Richtlinie zu ändern)"
+
+#: ../properties/nm-strongswan-dialog.ui.h:20
 msgid "_Show password"
 msgstr "Passwort _anzeigen"
 
-#: ../properties/nm-strongswan-dialog.ui.h:17
+#: ../properties/nm-strongswan-dialog.ui.h:21
 msgid "<b>Options</b>"
 msgstr "<b>Optionen</b>"
 
-#: ../properties/nm-strongswan-dialog.ui.h:18
+#: ../properties/nm-strongswan-dialog.ui.h:22
 msgid "Request an _inner IP address"
 msgstr "_Innere IP-Adresse beziehen"
 
-#: ../properties/nm-strongswan-dialog.ui.h:19
+#: ../properties/nm-strongswan-dialog.ui.h:23
 msgid ""
-"The Gateway may provide addresses from a pool to use for communication in "
-"the Gateways network. Check to request such an address."
+"The server may provide addresses from a pool to use for communication in the "
+"VPN. Check to request such an address."
 msgstr ""
-"Der Gateway kann IP-Adressen bereitstellen, welche der Client für die "
+"Der Server kann IP-Adressen bereitstellen, welche der Client für die "
 "Kommunikation im dahinterliegenden Netz verwenden kann. Aktivieren, um eine "
 "solche Adresse zu beziehen."
 
-#: ../properties/nm-strongswan-dialog.ui.h:20
+#: ../properties/nm-strongswan-dialog.ui.h:24
 msgid "En_force UDP encapsulation"
 msgstr "Erzwingen einer zusätzlichen Einbettung der Datenpakete in _UDP"
 
-#: ../properties/nm-strongswan-dialog.ui.h:21
+#: ../properties/nm-strongswan-dialog.ui.h:25
 msgid ""
 "Some firewalls block ESP traffic. Enforcing UDP capsulation even if no NAT "
 "situation is detected might help in such cases."
@@ -149,11 +173,11 @@ msgstr ""
 "erzwingen einer zustzlichen Einbettung in UDP, auch wenn kein NAT-Router "
 "detektiert wurde, kann in solchen Situationen hilfreich sein."
 
-#: ../properties/nm-strongswan-dialog.ui.h:22
+#: ../properties/nm-strongswan-dialog.ui.h:26
 msgid "Use IP c_ompression"
 msgstr "IP-Pakete k_omprimieren"
 
-#: ../properties/nm-strongswan-dialog.ui.h:23
+#: ../properties/nm-strongswan-dialog.ui.h:27
 msgid ""
 "IPComp compresses raw IP packets before they get encrypted. This saves some "
 "bandwidth, but uses more processing power."
@@ -161,27 +185,27 @@ msgstr ""
 "IPComp komprimiert IP-Pakete, bevor sie verschlüsselt werden. Diese Option "
 "kann Bandbreite sparen, benötigt jedoch zusätzliche Rechenleistung."
 
-#: ../properties/nm-strongswan-dialog.ui.h:24
+#: ../properties/nm-strongswan-dialog.ui.h:28
 msgid "<b>Cipher proposals</b>"
 msgstr "<b>Algorithmen</b>"
 
-#: ../properties/nm-strongswan-dialog.ui.h:25
+#: ../properties/nm-strongswan-dialog.ui.h:29
 msgid "_Enable custom proposals"
 msgstr "_Eigene Algorithmen verwenden"
 
-#: ../properties/nm-strongswan-dialog.ui.h:26
+#: ../properties/nm-strongswan-dialog.ui.h:30
 msgid "_IKE:"
 msgstr "_IKE:"
 
-#: ../properties/nm-strongswan-dialog.ui.h:27
+#: ../properties/nm-strongswan-dialog.ui.h:31
 msgid "A list of proposals for IKE separated by \";\""
 msgstr "Eine Liste von Proposals für IKE getrennt mit \";\""
 
-#: ../properties/nm-strongswan-dialog.ui.h:28
+#: ../properties/nm-strongswan-dialog.ui.h:32
 msgid "_ESP:"
 msgstr "_ESP:"
 
-#: ../properties/nm-strongswan-dialog.ui.h:29
+#: ../properties/nm-strongswan-dialog.ui.h:33
 msgid "A list of proposals for ESP separated by \";\""
 msgstr "Eine Liste von Proposals für ESP getrennt mit \";\""
 
@@ -256,6 +280,3 @@ msgstr ""
 #: ../NetworkManager-strongswan.appdata.xml.in.h:5
 msgid "strongSwan Developers"
 msgstr "strongSwan Entwickler"
-
-#~ msgid "VPN password required"
-#~ msgstr "VPN Passwort notwendig"
index 3a04d6e..0d9d62d 100644 (file)
@@ -1,24 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.0 -->
 <interface>
-  <!-- interface-requires gtk+ 2.12 -->
-  <!-- interface-naming-policy toplevel-contextual -->
-  <object class="GtkVBox" id="strongswan-vbox">
+  <requires lib="gtk+" version="3.2"/>
+  <object class="GtkBox" id="strongswan-vbox">
     <property name="visible">True</property>
     <property name="can_focus">False</property>
     <property name="border_width">12</property>
+    <property name="orientation">vertical</property>
     <property name="spacing">16</property>
     <child>
-      <object class="GtkVBox" id="gateway-vbox">
+      <object class="GtkBox" id="gateway-vbox">
         <property name="visible">True</property>
         <property name="can_focus">False</property>
+        <property name="orientation">vertical</property>
         <property name="spacing">6</property>
         <child>
           <object class="GtkLabel" id="gateway-label">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="xalign">0</property>
-            <property name="label" translatable="yes">&lt;b&gt;Gateway&lt;/b&gt;</property>
+            <property name="label" translatable="yes">&lt;b&gt;Server&lt;/b&gt;</property>
             <property name="use_markup">True</property>
+            <property name="xalign">0</property>
           </object>
           <packing>
             <property name="expand">False</property>
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="gateway-alignment">
+          <object class="GtkGrid">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="left_padding">12</property>
+            <property name="margin_left">12</property>
+            <property name="row_spacing">6</property>
+            <property name="column_spacing">6</property>
+            <property name="row_homogeneous">True</property>
             <child>
-              <object class="GtkTable" id="gateway-table">
+              <object class="GtkLabel" id="address-label">
                 <property name="visible">True</property>
                 <property name="can_focus">False</property>
-                <property name="n_rows">2</property>
-                <property name="n_columns">2</property>
-                <property name="column_spacing">6</property>
-                <property name="row_spacing">6</property>
-                <child>
-                  <object class="GtkLabel" id="address-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">_Address:</property>
-                    <property name="use_underline">True</property>
-                    <property name="mnemonic_widget">address-entry</property>
-                  </object>
-                  <packing>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkEntry" id="address-entry">
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="has_tooltip">True</property>
-                    <property name="tooltip_text" translatable="yes">An IP address or hostname the Gateway can be contacted.</property>
-                    <property name="primary_icon_activatable">False</property>
-                    <property name="secondary_icon_activatable">False</property>
-                    <property name="primary_icon_sensitive">True</property>
-                    <property name="secondary_icon_sensitive">True</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkLabel" id="certificate-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">C_ertificate:</property>
-                    <property name="use_underline">True</property>
-                    <property name="mnemonic_widget">certificate-button</property>
-                  </object>
-                  <packing>
-                    <property name="top_attach">1</property>
-                    <property name="bottom_attach">2</property>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkFileChooserButton" id="certificate-button">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="tooltip_text" translatable="yes">Gateway or CA certificate to use for gateway authentication. If none is specified, pre-installed CA certificates are used.</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="top_attach">1</property>
-                    <property name="bottom_attach">2</property>
-                  </packing>
-                </child>
+                <property name="label" translatable="yes">_Address:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="address-entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="tooltip_text" translatable="yes">An IP address or hostname of the VPN server.</property>
+                <property name="hexpand">True</property>
+                <property name="primary_icon_activatable">False</property>
+                <property name="secondary_icon_activatable">False</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="certificate-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">C_ertificate:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkFileChooserButton" id="certificate-button">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="tooltip_text" translatable="yes">Server or CA certificate to use for server authentication. If none is specified, pre-installed CA certificates are used.</property>
+                <property name="hexpand">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="remote-identity-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">_Identity:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">2</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="remote-identity-entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="tooltip_text" translatable="yes">Defaults to the server address or the server certificate's subject DN (if configured). Custom values are explicitly sent to the server and enforced during authentication.</property>
+                <property name="hexpand">True</property>
+                <property name="primary_icon_activatable">False</property>
+                <property name="secondary_icon_activatable">False</property>
+                <property name="placeholder_text" translatable="yes">(Defaults to address or certificate subject)</property>
               </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">2</property>
+              </packing>
             </child>
           </object>
           <packing>
-            <property name="expand">True</property>
+            <property name="expand">False</property>
             <property name="fill">True</property>
             <property name="position">1</property>
           </packing>
         </child>
+        <child>
+          <placeholder/>
+        </child>
       </object>
       <packing>
         <property name="expand">False</property>
       </packing>
     </child>
     <child>
-      <object class="GtkVBox" id="client-vbox">
+      <object class="GtkBox" id="client-vbox">
         <property name="visible">True</property>
         <property name="can_focus">False</property>
+        <property name="orientation">vertical</property>
         <property name="spacing">6</property>
         <child>
           <object class="GtkLabel" id="client-label">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="xalign">0</property>
             <property name="label" translatable="yes">&lt;b&gt;Client&lt;/b&gt;</property>
             <property name="use_markup">True</property>
+            <property name="xalign">0</property>
           </object>
           <packing>
             <property name="expand">False</property>
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="client-alignment">
+          <object class="GtkGrid">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="left_padding">12</property>
+            <property name="margin_left">12</property>
+            <property name="row_spacing">6</property>
+            <property name="column_spacing">6</property>
+            <property name="row_homogeneous">True</property>
             <child>
-              <object class="GtkTable" id="client-table">
+              <object class="GtkLabel" id="method-label">
                 <property name="visible">True</property>
                 <property name="can_focus">False</property>
-                <property name="n_rows">6</property>
-                <property name="n_columns">2</property>
-                <property name="column_spacing">6</property>
-                <property name="row_spacing">6</property>
-                <child>
-                  <object class="GtkFileChooserButton" id="userkey-button">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="tooltip_text" translatable="yes">Private key to use for client authentication. This key has to match the certificates public key and may be encrypted.</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="top_attach">2</property>
-                    <property name="bottom_attach">3</property>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkLabel" id="userkey-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">Private _key:</property>
-                    <property name="use_underline">True</property>
-                    <property name="mnemonic_widget">userkey-button</property>
-                  </object>
-                  <packing>
-                    <property name="top_attach">2</property>
-                    <property name="bottom_attach">3</property>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkLabel" id="method-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">Au_thentication:</property>
-                    <property name="use_underline">True</property>
-                  </object>
-                  <packing>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkLabel" id="user-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">_Username:</property>
-                    <property name="use_underline">True</property>
-                    <property name="mnemonic_widget">user-entry</property>
-                  </object>
-                  <packing>
-                    <property name="top_attach">3</property>
-                    <property name="bottom_attach">4</property>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkEntry" id="user-entry">
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="has_tooltip">True</property>
-                    <property name="tooltip_text" translatable="yes">The username (identity) to use for authentication against the gateway.</property>
-                    <property name="primary_icon_activatable">False</property>
-                    <property name="secondary_icon_activatable">False</property>
-                    <property name="primary_icon_sensitive">True</property>
-                    <property name="secondary_icon_sensitive">True</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="top_attach">3</property>
-                    <property name="bottom_attach">4</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkLabel" id="usercert-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">Ce_rtificate:</property>
-                    <property name="use_underline">True</property>
-                    <property name="mnemonic_widget">usercert-button</property>
-                  </object>
-                  <packing>
-                    <property name="top_attach">1</property>
-                    <property name="bottom_attach">2</property>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkFileChooserButton" id="usercert-button">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="tooltip_text" translatable="yes">Client certificate to use for client authentication.</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="top_attach">1</property>
-                    <property name="bottom_attach">2</property>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkComboBoxText" id="method-combo">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkLabel" id="passwd-label">
-                    <property name="visible">True</property>
-                    <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">_Password:</property>
-                    <property name="use_underline">True</property>
-                    <property name="mnemonic_widget">user-entry</property>
-                  </object>
-                  <packing>
-                    <property name="top_attach">4</property>
-                    <property name="bottom_attach">5</property>
-                    <property name="x_options">GTK_FILL</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkEntry" id="passwd-entry">
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="has_tooltip">True</property>
-                    <property name="tooltip_text" translatable="yes">The password to use for authentication against the gateway (min. 20 characters for PSKs).</property>
-                    <property name="visibility">False</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="top_attach">4</property>
-                    <property name="bottom_attach">5</property>
-                    <property name="y_options"/>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkCheckButton" id="passwd-show">
-                    <property name="label" translatable="yes">_Show password</property>
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="receives_default">False</property>
-                    <property name="use_underline">True</property>
-                    <property name="draw_indicator">True</property>
-                  </object>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="top_attach">5</property>
-                    <property name="bottom_attach">6</property>
-                  </packing>
-                </child>
-                <child>
-                  <placeholder/>
-
-                </child>
+                <property name="label" translatable="yes">Au_thentication:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkComboBoxText" id="method-combo">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="hexpand">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="usercert-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">Ce_rtificate:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkFileChooserButton" id="usercert-button">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="tooltip_text" translatable="yes">Client certificate to use for client authentication.</property>
+                <property name="hexpand">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="userkey-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">Private _key:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">2</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkFileChooserButton" id="userkey-button">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="tooltip_text" translatable="yes">Private key to use for client authentication. This key has to match the certificates public key and may be encrypted.</property>
+                <property name="hexpand">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">2</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="user-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">_Username:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">3</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="user-entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="tooltip_text" translatable="yes">The username (identity) to use for authentication against the server.</property>
+                <property name="hexpand">True</property>
+                <property name="primary_icon_activatable">False</property>
+                <property name="secondary_icon_activatable">False</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">3</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="passwd-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">_Password:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">4</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="passwd-entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="tooltip_text" translatable="yes">The password to use for authentication against the server (min. 20 characters for PSKs).</property>
+                <property name="hexpand">True</property>
+                <property name="visibility">False</property>
+                <property name="primary_icon_activatable">False</property>
+                <property name="secondary_icon_activatable">False</property>
+                <property name="placeholder_text" translatable="yes">(Use icon to change password storage policy)</property>
               </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">4</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkCheckButton" id="passwd-show">
+                <property name="label" translatable="yes">_Show password</property>
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="receives_default">False</property>
+                <property name="hexpand">True</property>
+                <property name="use_underline">True</property>
+                <property name="draw_indicator">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">5</property>
+              </packing>
+            </child>
+            <child>
+              <placeholder/>
             </child>
           </object>
           <packing>
-            <property name="expand">True</property>
+            <property name="expand">False</property>
             <property name="fill">True</property>
             <property name="position">1</property>
           </packing>
         </child>
+        <child>
+          <placeholder/>
+        </child>
       </object>
       <packing>
         <property name="expand">False</property>
       </packing>
     </child>
     <child>
-      <object class="GtkVBox" id="options-vbox">
+      <object class="GtkBox" id="options-vbox">
         <property name="visible">True</property>
         <property name="can_focus">False</property>
+        <property name="orientation">vertical</property>
         <property name="spacing">6</property>
         <child>
           <object class="GtkLabel" id="options-label">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="xalign">0</property>
             <property name="label" translatable="yes">&lt;b&gt;Options&lt;/b&gt;</property>
             <property name="use_markup">True</property>
+            <property name="xalign">0</property>
           </object>
           <packing>
             <property name="expand">False</property>
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="options-alignment">
+          <object class="GtkBox" id="options-inner-vbox">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="left_padding">12</property>
+            <property name="margin_left">12</property>
+            <property name="orientation">vertical</property>
             <child>
-              <object class="GtkVBox" id="options-inner-vbox">
+              <object class="GtkCheckButton" id="virtual-check">
+                <property name="label" translatable="yes">Request an _inner IP address</property>
                 <property name="visible">True</property>
-                <property name="can_focus">False</property>
-                <child>
-                  <object class="GtkCheckButton" id="virtual-check">
-                    <property name="label" translatable="yes">Request an _inner IP address</property>
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="receives_default">False</property>
-                    <property name="has_tooltip">True</property>
-                    <property name="tooltip_text" translatable="yes">The Gateway may provide addresses from a pool to use for communication in the Gateways network. Check to request such an address.</property>
-                    <property name="use_underline">True</property>
-                    <property name="draw_indicator">True</property>
-                  </object>
-                  <packing>
-                    <property name="expand">True</property>
-                    <property name="fill">True</property>
-                    <property name="position">0</property>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkCheckButton" id="encap-check">
-                    <property name="label" translatable="yes">En_force UDP encapsulation</property>
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="receives_default">False</property>
-                    <property name="has_tooltip">True</property>
-                    <property name="tooltip_text" translatable="yes">Some firewalls block ESP traffic. Enforcing UDP capsulation even if no NAT situation is detected might help in such cases.</property>
-                    <property name="use_underline">True</property>
-                    <property name="draw_indicator">True</property>
-                  </object>
-                  <packing>
-                    <property name="expand">True</property>
-                    <property name="fill">True</property>
-                    <property name="position">1</property>
-                  </packing>
-                </child>
-                <child>
-                  <object class="GtkCheckButton" id="ipcomp-check">
-                    <property name="label" translatable="yes">Use IP c_ompression</property>
-                    <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="receives_default">False</property>
-                    <property name="has_tooltip">True</property>
-                    <property name="tooltip_text" translatable="yes">IPComp compresses raw IP packets before they get encrypted. This saves some bandwidth, but uses more processing power.</property>
-                    <property name="use_underline">True</property>
-                    <property name="draw_indicator">True</property>
-                  </object>
-                  <packing>
-                    <property name="expand">True</property>
-                    <property name="fill">True</property>
-                    <property name="position">2</property>
-                  </packing>
-                </child>
+                <property name="can_focus">True</property>
+                <property name="receives_default">False</property>
+                <property name="tooltip_text" translatable="yes">The server may provide addresses from a pool to use for communication in the VPN. Check to request such an address.</property>
+                <property name="use_underline">True</property>
+                <property name="draw_indicator">True</property>
               </object>
+              <packing>
+                <property name="expand">True</property>
+                <property name="fill">True</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkCheckButton" id="encap-check">
+                <property name="label" translatable="yes">En_force UDP encapsulation</property>
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="receives_default">False</property>
+                <property name="tooltip_text" translatable="yes">Some firewalls block ESP traffic. Enforcing UDP capsulation even if no NAT situation is detected might help in such cases.</property>
+                <property name="use_underline">True</property>
+                <property name="draw_indicator">True</property>
+              </object>
+              <packing>
+                <property name="expand">True</property>
+                <property name="fill">True</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkCheckButton" id="ipcomp-check">
+                <property name="label" translatable="yes">Use IP c_ompression</property>
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="receives_default">False</property>
+                <property name="tooltip_text" translatable="yes">IPComp compresses raw IP packets before they get encrypted. This saves some bandwidth, but uses more processing power.</property>
+                <property name="use_underline">True</property>
+                <property name="draw_indicator">True</property>
+              </object>
+              <packing>
+                <property name="expand">True</property>
+                <property name="fill">True</property>
+                <property name="position">2</property>
+              </packing>
             </child>
           </object>
           <packing>
-            <property name="expand">True</property>
+            <property name="expand">False</property>
             <property name="fill">True</property>
             <property name="position">1</property>
           </packing>
         </child>
+        <child>
+          <placeholder/>
+        </child>
       </object>
       <packing>
         <property name="expand">False</property>
       </packing>
     </child>
     <child>
-      <object class="GtkVBox" id="proposals-vbox">
+      <object class="GtkBox" id="proposals-vbox">
         <property name="visible">True</property>
         <property name="can_focus">False</property>
+        <property name="orientation">vertical</property>
         <property name="spacing">6</property>
         <child>
           <object class="GtkLabel" id="proposals-label">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="xalign">0</property>
             <property name="label" translatable="yes">&lt;b&gt;Cipher proposals&lt;/b&gt;</property>
             <property name="use_markup">True</property>
+            <property name="xalign">0</property>
           </object>
           <packing>
             <property name="expand">False</property>
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="proposal-alignment">
+          <object class="GtkBox" id="proposal-vbox">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="left_padding">12</property>
+            <property name="margin_left">12</property>
+            <property name="orientation">vertical</property>
             <child>
-              <object class="GtkVBox" id="vbox1">
+              <object class="GtkCheckButton" id="proposal-check">
+                <property name="label" translatable="yes">_Enable custom proposals</property>
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="receives_default">False</property>
+                <property name="use_underline">True</property>
+                <property name="draw_indicator">True</property>
+              </object>
+              <packing>
+                <property name="expand">True</property>
+                <property name="fill">True</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkGrid">
                 <property name="visible">True</property>
                 <property name="can_focus">False</property>
+                <property name="row_spacing">6</property>
+                <property name="column_spacing">6</property>
+                <property name="row_homogeneous">True</property>
                 <child>
-                  <object class="GtkCheckButton" id="proposal-check">
-                    <property name="label" translatable="yes">_Enable custom proposals</property>
+                  <object class="GtkLabel" id="ike-label">
                     <property name="visible">True</property>
-                    <property name="can_focus">True</property>
-                    <property name="receives_default">False</property>
+                    <property name="can_focus">False</property>
+                    <property name="label" translatable="yes">_IKE:</property>
                     <property name="use_underline">True</property>
-                    <property name="draw_indicator">True</property>
+                    <property name="xalign">0</property>
                   </object>
                   <packing>
-                    <property name="expand">True</property>
-                    <property name="fill">True</property>
-                    <property name="position">0</property>
+                    <property name="left_attach">0</property>
+                    <property name="top_attach">0</property>
                   </packing>
                 </child>
                 <child>
-                  <object class="GtkTable" id="proposal-table">
+                  <object class="GtkEntry" id="ike-entry">
+                    <property name="visible">True</property>
+                    <property name="can_focus">True</property>
+                    <property name="tooltip_text" translatable="yes">A list of proposals for IKE separated by ";"</property>
+                    <property name="hexpand">True</property>
+                    <property name="invisible_char">•</property>
+                    <property name="primary_icon_activatable">False</property>
+                    <property name="secondary_icon_activatable">False</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="top_attach">0</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkLabel" id="esp-label">
                     <property name="visible">True</property>
                     <property name="can_focus">False</property>
-                    <property name="n_rows">2</property>
-                    <property name="n_columns">2</property>
-                    <property name="column_spacing">6</property>
-                    <property name="row_spacing">6</property>
-                    <child>
-                      <object class="GtkLabel" id="ike-label">
-                        <property name="visible">True</property>
-                        <property name="can_focus">False</property>
-                        <property name="xalign">0</property>
-                        <property name="ypad">1</property>
-                        <property name="label" translatable="yes">_IKE:</property>
-                        <property name="use_underline">True</property>
-                        <property name="mnemonic_widget">ike-entry</property>
-                      </object>
-                      <packing>
-                        <property name="x_options">GTK_FILL</property>
-                        <property name="y_options"/>
-                      </packing>
-                    </child>
-                    <child>
-                      <object class="GtkEntry" id="ike-entry">
-                        <property name="visible">True</property>
-                        <property name="can_focus">True</property>
-                        <property name="has_tooltip">True</property>
-                        <property name="tooltip_text" translatable="yes">A list of proposals for IKE separated by ";"</property>
-                        <property name="invisible_char">•</property>
-                        <property name="invisible_char_set">True</property>
-                        <property name="primary_icon_activatable">False</property>
-                        <property name="secondary_icon_activatable">False</property>
-                        <property name="primary_icon_sensitive">True</property>
-                        <property name="secondary_icon_sensitive">True</property>
-                      </object>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="y_options"/>
-                      </packing>
-                    </child>
-                    <child>
-                      <object class="GtkLabel" id="esp-label">
-                        <property name="visible">True</property>
-                        <property name="can_focus">False</property>
-                        <property name="xalign">0</property>
-                        <property name="label" translatable="yes">_ESP:</property>
-                        <property name="use_underline">True</property>
-                        <property name="mnemonic_widget">address-entry</property>
-                      </object>
-                      <packing>
-                        <property name="top_attach">1</property>
-                        <property name="bottom_attach">2</property>
-                        <property name="x_options">GTK_FILL</property>
-                        <property name="y_options"/>
-                      </packing>
-                    </child>
-                    <child>
-                      <object class="GtkEntry" id="esp-entry">
-                        <property name="visible">True</property>
-                        <property name="can_focus">True</property>
-                        <property name="has_tooltip">True</property>
-                        <property name="tooltip_text" translatable="yes">A list of proposals for ESP separated by ";"</property>
-                        <property name="invisible_char">•</property>
-                        <property name="invisible_char_set">True</property>
-                        <property name="primary_icon_activatable">False</property>
-                        <property name="secondary_icon_activatable">False</property>
-                        <property name="primary_icon_sensitive">True</property>
-                        <property name="secondary_icon_sensitive">True</property>
-                      </object>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">1</property>
-                        <property name="bottom_attach">2</property>
-                        <property name="y_options"/>
-                      </packing>
-                    </child>
+                    <property name="label" translatable="yes">_ESP:</property>
+                    <property name="use_underline">True</property>
+                    <property name="xalign">0</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">0</property>
+                    <property name="top_attach">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkEntry" id="esp-entry">
+                    <property name="visible">True</property>
+                    <property name="can_focus">True</property>
+                    <property name="tooltip_text" translatable="yes">A list of proposals for ESP separated by ";"</property>
+                    <property name="hexpand">True</property>
+                    <property name="invisible_char">•</property>
+                    <property name="primary_icon_activatable">False</property>
+                    <property name="secondary_icon_activatable">False</property>
                   </object>
                   <packing>
-                    <property name="expand">True</property>
-                    <property name="fill">True</property>
-                    <property name="position">1</property>
+                    <property name="left_attach">1</property>
+                    <property name="top_attach">1</property>
                   </packing>
                 </child>
               </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">True</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+            <child>
+              <placeholder/>
             </child>
           </object>
           <packing>
-            <property name="expand">True</property>
+            <property name="expand">False</property>
             <property name="fill">True</property>
             <property name="position">1</property>
           </packing>
         </child>
+        <child>
+          <placeholder/>
+        </child>
       </object>
       <packing>
         <property name="expand">False</property>
index d261dcb..5204d9a 100644 (file)
@@ -299,6 +299,12 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
                gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
        g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
 
+       widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "remote-identity-entry"));
+       value = nm_setting_vpn_get_data_item (settings, "remote-identity");
+       if (value)
+               gtk_entry_set_text (GTK_ENTRY (widget), value);
+       g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
+
        widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
        value = nm_setting_vpn_get_data_item (settings, "user");
        if (value)
@@ -483,6 +489,12 @@ update_connection (NMVpnEditor *iface,
                nm_setting_vpn_add_data_item (settings, "certificate", str);
        }
 
+       widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "remote-identity-entry"));
+       str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
+       if (str && strlen (str)) {
+               nm_setting_vpn_add_data_item (settings, "remote-identity", str);
+       }
+
        widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo"));
        switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)))
        {