[opensuse] IPSec IKEv2 connection on NetworkManager
Hello, I've been trying to create a VPN connection using NetworkManager to an IPSec/IKEv2 PSK endpoint, but I'm not having any success, not even with my search on how to do it, at least with NetworkManager. The VPN endpoint itself is working, as I'm able to connect there, and access remote resources with my android phone (by setting the VPN connection on the Android device). It seems I'm lacking the correct nm plugin for it. Here is what I think the relevant list of software is, that I'm using: - OpenSUSE Leap 15,1 - strongswan-nm-5.8.2-lp151.4.9.1.x86_64 - strongswan-ipsec-5.8.2-lp151.4.9.1.x86_64 - NetworkManager-strongswan-1.4.3-lp151.2.3.x86_64 Is anyone able to help me here, or point me in the right direction? If you require any other information, please let me know. Regards, -- Rui Santos Veni, Vidi, Linux -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hi Rui,
Hello,
I've been trying to create a VPN connection using NetworkManager to an IPSec/IKEv2 PSK endpoint, but I'm not having any success, not even with my search on how to do it, at least with NetworkManager. The VPN endpoint itself is working, as I'm able to connect there, and access remote resources with my android phone (by setting the VPN connection on the Android device).
It seems I'm lacking the correct nm plugin for it. Here is what I think the relevant list of software is, that I'm using: - OpenSUSE Leap 15,1 - strongswan-nm-5.8.2-lp151.4.9.1.x86_64 - strongswan-ipsec-5.8.2-lp151.4.9.1.x86_64 - NetworkManager-strongswan-1.4.3-lp151.2.3.x86_64
this is the list of strongswan related packages for my Tumbleweed installation: NetworkManager-strongswan-1.5.0-1.1 NetworkManager-strongswan-lang-1.5.0-1.1 plasma-nm5-strongswan-5.18.5-2.1 strongswan-ipsec-5.8.4-1.1 strongswan-libs0-5.8.4-1.1 strongswan-nm-5.8.4-1.1 Not sure about Leap 15.1, though
Is anyone able to help me here, or point me in the right direction? If you require any other information, please let me know.
When creating a new connection, you should have an entry "IPsec based VPN (strongswan)" in the list of possible VPN types.
Regards, -- Rui Santos Veni, Vidi, Linux
Bye. Michael. -- Michael Hirmke -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello Michael, Thank you very much for your reply :) I do have an option to create an IPSec based VPN (strongswant) like you've mentioned. I actually have quite a few VPN connections set up with NM. Some OpenVPN, some openconnect, some ppp (yes still :D) and a few IPSec too. The problem with this particular one is that, unlike other IPSEc connections I have configured, which are certificate based (and work pretty good BTW), this one is IKEv2 with PSK as Authentication. On my current NM plugin, I am only given the options, on the Authentication dropbox, for: Certificate/private key, Certificate/ssh-agent, Smartcard and EAP. And on none of those options, I have a text box to specify the PSK secret. I have seen other distributions that actually seem to have this option for PSK, and even on the Strongswan website, it's mentioned there as supported. one coincidence is that, all the success cases I've seen, the NM plugin was not KDE, which is my case. BTW, sorry for not mentioning that in my 1st email. However, you mentioned Tumbleweed too. I will also give both Tumbleweed and Leap 15.1, and maybe beta 15.2 :D, a try on both KDE and Gnome NM plugins to see if I can advance further. Thank you again Michael. Regards, Rui -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
01.06.2020 01:19, Rui Santos пишет:
Hello Michael,
Thank you very much for your reply :)
I do have an option to create an IPSec based VPN (strongswant) like you've mentioned. I actually have quite a few VPN connections set up with NM. Some OpenVPN, some openconnect, some ppp (yes still :D) and a few IPSec too. The problem with this particular one is that, unlike other IPSEc connections I have configured, which are certificate based (and work pretty good BTW), this one is IKEv2 with PSK as Authentication. On my current NM plugin, I am only given the options, on the Authentication dropbox, for: Certificate/private key, Certificate/ssh-agent, Smartcard and EAP. And on none of those options, I have a text box to specify the PSK secret.
I have seen other distributions that actually seem to have this option for PSK, and even on the Strongswan website, it's mentioned there as supported. one coincidence is that, all the success cases I've seen, the NM plugin was not KDE, which is my case. BTW, sorry for not mentioning that in my 1st email.
You can always use nmcli, nmtui or nm-connection-editor to create/edit connection. Do not confuse NetworkManager with GUI used to configure NetworkManager. Tools I mention are part of NM itself and so have most complete support for all features. Various NetworkManager-xxx packages are effectively plugins to nm-connection-editor. KDE is using completely independent implementation that traditionally lags behind.
However, you mentioned Tumbleweed too. I will also give both Tumbleweed and Leap 15.1, and maybe beta 15.2 :D, a try on both KDE and Gnome NM plugins to see if I can advance further.
15.1 should already support PSK for IKEv2. Note that strongswan NM plugin enforces minimal size of 20 characters. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello Andrei,
You can always use nmcli, nmtui or nm-connection-editor to create/edit connection. Do not confuse NetworkManager with GUI used to configure NetworkManager. Tools I mention are part of NM itself and so have most complete support for all features. Various NetworkManager-xxx packages are effectively plugins to nm-connection-editor. KDE is using completely independent implementation that traditionally lags behind.
Perfect :) I've used the nm-connection-editor to work around it, but I had to also install the NetworkManager-strongswan-gnome package. It worked perfectly in configuring the connection, and I'm able to connect using my standard Network Manager applet. Thank you for this tip Andrei, and all of you for all your help. I appreciate it very much.
15.1 should already support PSK for IKEv2. Note that strongswan NM plugin enforces minimal size of 20 characters.
Yes, I knew that. Luckelly (or not :D), the endpoint complies with that requirement. Just for the record, for anyone else, stumbling upon this issue, what I've done was, in a brief summary: - Please bear in mind the packages I already had installed, mentioned at the beginning of this thread, nothing fancy... - strongswan-nm-5.8.2-lp151.4.9.1.x86_64 - strongswan-ipsec-5.8.2-lp151.4.9.1.x86_64 - NetworkManager-strongswan-1.4.3-lp151.2.3.x86_64 - Installed NetworkManager-strongswan-gnome-1.4.3-lp151.2.3.x86_64 (although I am in KDE). I has some dependencies that you'll need to install also, but not much. - Used nm-connection-editor to configure a new connection - Then you can use your Network Manager applet, as usual, to establish the connection. Once again, thank you all for your help on this matter. Best regards, -- Rui Santos Veni, Vidi, Linux -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, 31 May 2020 23:19:46 +0100, Rui Santos wrote:
Hello Michael,
Thank you very much for your reply :)
I do have an option to create an IPSec based VPN (strongswant) like you've mentioned. I actually have quite a few VPN connections set up with NM. Some OpenVPN, some openconnect, some ppp (yes still :D) and a few IPSec too. The problem with this particular one is that, unlike other IPSEc connections I have configured, which are certificate based (and work pretty good BTW), this one is IKEv2 with PSK as Authentication. On my current NM plugin, I am only given the options, on the Authentication dropbox, for: Certificate/private key, Certificate/ssh-agent, Smartcard and EAP. And on none of those options, I have a text box to specify the PSK secret.
I have seen other distributions that actually seem to have this option for PSK, and even on the Strongswan website, it's mentioned there as supported. one coincidence is that, all the success cases I've seen, the NM plugin was not KDE, which is my case. BTW, sorry for not mentioning that in my 1st email.
However, you mentioned Tumbleweed too. I will also give both Tumbleweed and Leap 15.1, and maybe beta 15.2 :D, a try on both KDE and Gnome NM plugins to see if I can advance further.
Thank you again Michael.
Regards, Rui
Rui, This is not an exact answer to your question. You could try ike-shrew. It is available for opensuse 15.1: https://software.opensuse.org/package/ike (Don't use https://software.opensuse.org/ search box because it doesn't find it.) Istvan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Andrei Borzenkov -
Istvan Gabor -
mh@mike.franken.de -
Rui Santos