Yast VPN module doesn't work anymore via StrongSwan IPSec or IKEv2
For more than a year I have made the setup of a VPN service with the Yast VPN module.
But now I found the service doesn't work right.
The Yast VPN module doesn't give the option to place the user for the connection.
In my Android phone with the Strongswan app, I place the name of the vpn server like "ipsec.name1.name2.net", the user and the password for the service AND IT WORKS!
But with Tumbleweed it is not so easy.
There are 2 ways to set up the VPN:
1- Via the Yast VPN module
2- Via Network Manager Strongswan
The configuration via Network Manager Strongswan is not enabled, so not possible.
I have installed:
NetworkManager-strongswan - NetworkManager VPN support for strongSwan
plasma-nm5-strongswan - strongSwan support for plasma-nm5
strongswan - IPsec-based VPN solution
strongswan-hmac - HMAC files for FIPS-140-2 integrity in strongSwan
strongswan-ipsec - IPsec-based VPN solution
strongswan-libs0 - strongSwan core libraries and basic plugins
strongswan-mysql - MySQL plugin for strongSwan
strongswan-nm - NetworkManager plugin for strongSwan
strongswan-sqlite - SQLite plugin for strongSwan
I have reinstalled all the related packages, but no changes!

The status result of the Yast VPN module is:

● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
     Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2021-04-26 14:35:54 -03; 22min ago
    Process: 1426 ExecStartPost=/usr/sbin/swanctl --load-all --noprompt (code=exited, status=0/SUCCESS)
   Main PID: 1140 (charon-systemd)
     Status: "charon-systemd running, strongSwan 5.9.0, Linux 5.11.15-1-default, x86_64"
      Tasks: 17 (limit: 4915)
        CPU: 147ms
     CGroup: /system.slice/strongswan.service
             └─1140 /usr/sbin/charon-systemd

abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/private' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/rsa' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/ecdsa' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/bliss' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/pkcs8' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/pkcs12' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: no authorities found, 0 unloaded
abr 26 14:35:54 linux-9yja swanctl[1426]: no pools found, 0 unloaded
abr 26 14:35:54 linux-9yja swanctl[1426]: no connections found, 0 unloaded
abr 26 14:35:54 linux-9yja systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.

Regards,
Juan
--
USE LINUX OPENSUSE, WHICH IS FREE SOFTWARE; YOU DON'T NEED TO PIRATE ANYTHING AND YOU WON'T HAVE TO WORRY ABOUT VIRUSES AND SPYWARE ANYMORE: http://www.opensuse.org/es/
You can visit my blog at: http://jerbes.blogspot.com.ar/
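The status output in the message above reports the unit as active (running) and the `swanctl --load-all` step as exiting with status 0, while the same journal lines say that no connections were found. The following Python script is an added example, not part of the original message: it parses those journal lines (copied from the message) and reports which credential directories were missing and which configuration sections swanctl found empty. The function names `audit_swanctl_load` and `verdict` are hypothetical.

```python
import re

# Journal lines copied from the strongswan.service status output in the message above.
STATUS_LOG = """\
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/private' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/rsa' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/ecdsa' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/bliss' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/pkcs8' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/pkcs12' failed: No such file or directory
abr 26 14:35:54 linux-9yja swanctl[1426]: no authorities found, 0 unloaded
abr 26 14:35:54 linux-9yja swanctl[1426]: no pools found, 0 unloaded
abr 26 14:35:54 linux-9yja swanctl[1426]: no connections found, 0 unloaded
abr 26 14:35:54 linux-9yja systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
"""

SWANCTL = re.compile(r"\bswanctl\[\d+\]: (?P<msg>.*)$")
MISSING_DIR = re.compile(r"opening directory '(?P<path>[^']+)' failed: No such file or directory")
EMPTY = re.compile(r"no (?P<kind>\w+) found, \d+ unloaded")

def audit_swanctl_load(journal_text):
    """Collect what swanctl reported while loading: missing dirs and empty sections."""
    report = {"swanctl_lines": 0, "missing_dirs": [], "empty_sections": []}
    for line in journal_text.splitlines():
        hit = SWANCTL.search(line)
        if not hit:
            continue  # systemd or other line, not swanctl output
        report["swanctl_lines"] += 1
        msg = hit.group("msg").strip()
        if (d := MISSING_DIR.fullmatch(msg)):
            report["missing_dirs"].append(d.group("path"))
        elif (e := EMPTY.fullmatch(msg)):
            report["empty_sections"].append(e.group("kind"))
    return report

def verdict(report):
    """One-line conclusion that the unit's 'active (running)' state does not show."""
    if report["swanctl_lines"] == 0:
        return "no swanctl output in this excerpt"
    if "connections" in report["empty_sections"]:
        return "daemon running, but swanctl loaded no connection definitions"
    return "connections section not reported empty"

if __name__ == "__main__":
    result = audit_swanctl_load(STATUS_LOG)
    print(result["missing_dirs"], result["empty_sections"], verdict(result))
```
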
Hi,
Please create a bug report with this information at bugzilla.opensuse.org, you will be able to have a much more efficient conversation with the relevant people there than you will here.
Thanks
Simon
On 4/27/21 3:31 AM, Juan Erbes wrote:
> For more than a year I have made the setup of a VPN service with the Yast VPN module.
> But now I found the service doesn't work right.
> The Yast VPN module doesn't give the option to place the user for the connection.
> In my Android phone with the Strongswan app, I place the name of the vpn server like "ipsec.name1.name2.net", the user and the password for the service AND IT WORKS!
> But with Tumbleweed it is not so easy.
> There are 2 ways to set up the VPN:
> 1- Via the Yast VPN module
> 2- Via Network Manager Strongswan
> The configuration via Network Manager Strongswan is not enabled, so not possible.
> I have installed:
> NetworkManager-strongswan - NetworkManager VPN support for strongSwan
> plasma-nm5-strongswan - strongSwan support for plasma-nm5
> strongswan - IPsec-based VPN solution
> strongswan-hmac - HMAC files for FIPS-140-2 integrity in strongSwan
> strongswan-ipsec - IPsec-based VPN solution
> strongswan-libs0 - strongSwan core libraries and basic plugins
> strongswan-mysql - MySQL plugin for strongSwan
> strongswan-nm - NetworkManager plugin for strongSwan
> strongswan-sqlite - SQLite plugin for strongSwan
> I have reinstalled all the related packages, but no changes!
> The status result of the Yast VPN module is:
> ● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
>      Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
>      Active: active (running) since Mon 2021-04-26 14:35:54 -03; 22min ago
>     Process: 1426 ExecStartPost=/usr/sbin/swanctl --load-all --noprompt (code=exited, status=0/SUCCESS)
>    Main PID: 1140 (charon-systemd)
>      Status: "charon-systemd running, strongSwan 5.9.0, Linux 5.11.15-1-default, x86_64"
>       Tasks: 17 (limit: 4915)
>         CPU: 147ms
>      CGroup: /system.slice/strongswan.service
>              └─1140 /usr/sbin/charon-systemd
> abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/private' failed: No such file or directory
> abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/rsa' failed: No such file or directory
> abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/ecdsa' failed: No such file or directory
> abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/bliss' failed: No such file or directory
> abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/pkcs8' failed: No such file or directory
> abr 26 14:35:54 linux-9yja swanctl[1426]: opening directory '/etc/swanctl/pkcs12' failed: No such file or directory
> abr 26 14:35:54 linux-9yja swanctl[1426]: no authorities found, 0 unloaded
> abr 26 14:35:54 linux-9yja swanctl[1426]: no pools found, 0 unloaded
> abr 26 14:35:54 linux-9yja swanctl[1426]: no connections found, 0 unloaded
> abr 26 14:35:54 linux-9yja systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
> Regards, Juan
--
Simon Lees (Simotek) http://simotek.net
Emergency Update Team keybase.io/simotek
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Mon, 26 Apr 2021 at 20:06, Simon Lees (<sflees@suse.de>) wrote:
> Hi,
> Please create a bug report with this information at bugzilla.opensuse.org, you will be able to have a much more efficient conversation with the relevant people there than you will here.

I couldn't log in to bugzilla.opensuse.org!
If I try to change my password, this appears: The system is not configured to allow password change requests.
My user and password from https://build.opensuse.org don't work in bugzilla.opensuse.org, and I don't find the option to register in bugzilla, and my old user and password from this site don't work anymore.
Regards,
Juan
On 05/05/2021 17.45, Juan Erbes wrote:
> On Mon, 26 Apr 2021 at 20:06, Simon Lees (<sflees@suse.de>) wrote:
>> Hi,
>> Please create a bug report with this information at bugzilla.opensuse.org, you will be able to have a much more efficient conversation with the relevant people there than you will here.
> I couldn't log in to bugzilla.opensuse.org!
> If I try to change my password, this appears: The system is not configured to allow password change requests.
> My user and password from https://build.opensuse.org don't work in bugzilla.opensuse.org, and I don't find the option to register in bugzilla, and my old user and password from this site don't work anymore.

Does the login/password work at other openSUSE sites?
You will have to open a ticket.
--
Cheers / Saludos,
Carlos E. R.
(from 15.2 x86_64 at Telcontar)
On Wed, 5 May 2021 at 17:15, Carlos E. R. (<robin.listas@telefonica.net>) wrote:
> On 05/05/2021 17.45, Juan Erbes wrote:
>> On Mon, 26 Apr 2021 at 20:06, Simon Lees (<sflees@suse.de>) wrote:
>>> Hi,
>>> Please create a bug report with this information at bugzilla.opensuse.org, you will be able to have a much more efficient conversation with the relevant people there than you will here.
>> I couldn't log in to bugzilla.opensuse.org!
>> If I try to change my password, this appears: The system is not configured to allow password change requests.
>> My user and password from https://build.opensuse.org don't work in bugzilla.opensuse.org, and I don't find the option to register in bugzilla, and my old user and password from this site don't work anymore.
> Does the login/password work at other openSUSE sites?
> You will have to open a ticket.

Open a ticket in Bugzilla? 😂😂😂😂😂😂😂
Regards,
Juan
Juan, do you happen to have success using https://bugzilla.suse.com (bsc)? I have intermittent issues with bugzilla.opensuse.org (boo) where I'm immediately dropped right back to the prompt for username/password as if my login failed (it's happening right now as a matter of fact, whereas earlier today it let me in w/o issue). boo & bsc as well as build.opensuse.org all make use of the IDP portal for authentication - so if you can get into build, those creds should work with bsc (and most of the time with boo).
I think the login in bugzilla has a problem. Mostly I must enter my password again and again. Only after some attempts can I log in.
Regards
Eric
On 6 May 2021 01:33:27 CEST, Scott Bradnick <scott.bradnick@suse.com> wrote:
> Juan, do you happen to have success using https://bugzilla.suse.com (bsc)? I have intermittent issues with bugzilla.opensuse.org (boo) where I'm immediately dropped right back to the prompt for username/password as if my login failed (it's happening right now as a matter of fact, whereas earlier today it let me in w/o issue).
> boo & bsc as well as build.opensuse.org all make use of the IDP portal for authentication - so if you can get into build, those creds should work with bsc (and most of the time with boo).
On Thu, 6 May 2021 at 2:01, Eric Schirra (<ecsos@opensuse.org>) wrote:
> I think the login in bugzilla has a problem. Mostly I must enter my password again and again. Only after some attempts can I log in.
> Regards Eric
> On 6 May 2021 01:33:27 CEST, Scott Bradnick <scott.bradnick@suse.com> wrote:
>> Juan, do you happen to have success using https://bugzilla.suse.com (bsc)? I have intermittent issues with bugzilla.opensuse.org (boo) where I'm immediately dropped right back to the prompt for username/password as if my login failed (it's happening right now as a matter of fact, whereas earlier today it let me in w/o issue).
>> boo & bsc as well as build.opensuse.org all make use of the IDP portal for authentication - so if you can get into build, those creds should work with bsc (and most of the time with boo).

I have success using https://build.opensuse.org.
Tried again, logged in at https://build.opensuse.org in another Firefox tab, to log in to https://bugzilla.suse.com with the same user and password, and now it worked ok.
Thank You!
Regards,
Juan
On Thu, 6 May 2021 at 2:01, Eric Schirra (<ecsos@opensuse.org>) wrote:
> I think the login in bugzilla has a problem. Mostly I must enter my password again and again. Only after some attempts can I log in.

I found 3 bugs for "yast vpn":
https://bugzilla.suse.com/show_bug.cgi?id=1085625
https://bugzilla.suse.com/show_bug.cgi?id=1170509
https://bugzilla.suse.com/show_bug.cgi?id=1176735
But none of them has a resolution.
In my case Strongswan worked for some time. If I do:

netstat -anp | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      924/cupsd
tcp        0      0 0.0.0.0:3551            0.0.0.0:*               LISTEN      925/apcupsd
tcp        0      0 192.168.1.5:46606       52.33.45.66:443         TIME_WAIT   -
tcp        0      0 127.0.0.1:43346         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43316         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43320         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43330         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43340         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43326         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43314         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 192.168.1.5:51212       172.217.162.10:443      TIME_WAIT   -
tcp        0      0 192.168.1.5:41062       172.217.172.110:443     ESTABLISHED 2553/firefox
tcp        0      0 127.0.0.1:43336         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 192.168.1.5:51214       172.217.162.10:443      TIME_WAIT   -
tcp        0      0 192.168.1.5:47574       172.217.172.35:443      ESTABLISHED 2553/firefox
tcp        0      0 192.168.1.5:51216       172.217.162.10:443      ESTABLISHED 2553/firefox
tcp        0      0 127.0.0.1:43348         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43338         127.0.0.1:3551          TIME_WAIT   -
tcp        1      0 192.168.1.5:36730       13.227.69.22:443        CLOSE_WAIT  2895/plasma-browser
tcp        0      0 192.168.1.5:51442       190.225.183.177:443     TIME_WAIT   -
tcp        0      0 127.0.0.1:43344         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43322         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43334         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43324         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 192.168.1.5:51446       190.225.183.177:443     TIME_WAIT   -
tcp        0      0 127.0.0.1:43342         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 127.0.0.1:43328         127.0.0.1:3551          TIME_WAIT   -
tcp        0      0 192.168.1.5:59762       64.233.186.189:443      ESTABLISHED 2553/firefox
tcp        0      0 192.168.1.5:36388       64.233.186.19:443       ESTABLISHED 2553/firefox
tcp        0      0 192.168.1.5:54138       44.235.189.138:443      ESTABLISHED 2553/firefox
tcp6       0      0 :::1716                 :::*                    LISTEN      1887/kdeconnectd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1237/charon-systemd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1102/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           937/chronyd
udp        0      0 0.0.0.0:500             0.0.0.0:*                           1237/charon-systemd
udp        0      0 224.0.0.56:9875         0.0.0.0:*                           1912/pulseaudio
udp        0      0 192.168.1.5:34457       224.0.0.56:9875         ESTABLISHED 1912/pulseaudio
udp        0      0 192.168.1.5:59053       224.0.0.56:46286        ESTABLISHED 1912/pulseaudio
udp        0      0 0.0.0.0:4500            0.0.0.0:*                           1237/charon-systemd
udp        0      0 0.0.0.0:45488           0.0.0.0:*                           668/avahi-daemon: r
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           668/avahi-daemon: r
udp6       0      0 :::38672                :::*                                668/avahi-daemon: r
udp6       0      0 ::1:323                 :::*                                937/chronyd

Strongswan works, but not in the right way, because it translates the internal addresses to another port, like the external connections, but it continues to show the IP address of my ISP.
But the real problem for me is that YAST does not provide the correct configuration interface for an external VPN server, where I can set the user and password for that external VPN server.
The other configuration option for Yast is with a certificate, but it asks me for the key for that certificate, when in fact the service provider does not provide me with any key for their certificate.
Here are some examples of configurations for other distros and with a provider example:
https://www.personalvpn.com/support/linux/ikev2
https://www.personalvpn.com/support/linux/ipsec
Regards,
Juan
On 06/05/2021 00.05, Juan Erbes wrote:
> On Wed, 5 May 2021 at 17:15, Carlos E. R. (<>) wrote:
>>> My user and password from https://build.opensuse.org don't work in bugzilla.opensuse.org, and I don't find the option to register in bugzilla, and my old user and password from this site don't work anymore.
>> Does the login/password work at other openSUSE sites?
>> You will have to open a ticket.
> Open a ticket in Bugzilla? 😂😂😂😂😂😂😂

No, that's a bug report, not a ticket. The tickets you open by sending an email to "admin@opensuse.org". Better do so using the same address you have for bugzillas.
But do not try to create another account, because that creates extra work for the admins.
--
Cheers / Saludos,
Carlos E. R.
(from 15.2 x86_64 at Telcontar)
participants (5)
- Carlos E. R.
- Eric Schirra
- Juan Erbes
- Scott Bradnick
- Simon Lees