Re: VPN (IPsec/L2TP) to windows server



On Mon, 2021-01-25 at 13:36 +0100, michaelof--- via networkmanager-list
wrote:
> Hi all,
>
> first post to this mailing list, after being subscribed.
>
> I've got trouble with a VPN connection from several LINUX systems
> tested (and also Android) to an IPsec/L2TP VPN on a MSWIN server. FYI
> Windows to Windows connection works fine, at once, with MSWIN default
> settings, tested on a VM running in my Linux (OpenSuse) box.
>
> Detailed description here:
> https://forums.opensuse.org/showthread.php/549340-VPN-(ipsec-l2tp)-to-windows-server
> No solution.
>
> Asked also here:
> https://lists.openswan.org/pipermail/users/2021-January/023799.html
> No answer.
>
> So trying here if I maybe could get a hint for narrowing down
> further: As written to the openswan mailing list, it might be
> possible that setting "leftprotoport=udp/%any" to the IPsec settings
> would solve the problem (Found here:
> https://lists.openswan.org/pipermail/users/2013-July/022547.html)
>
> But I have no clue how/where to enter this param, adding to
> /etc/ipsec.conf does not help.
>
> Could you give me some hints how NetworkManager works internally,
> when setting up an IPsec connection? I've got the impression that
> NetworkManager creates some "temporary" connections, where are they
> stored? And how can I debug them?



Hi,


On Linux, there are (at least) two IPSec implementations: strongswan and
libreswan (formerly openswan). Both have a VPN plugin for
NetworkManager.

The libreswan plugin is here:
https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/


As always in NetworkManager, you create a "connection profile" with the
settings for your VPN. The simplest way is via nm-connection-editor
(and installing the GTK plugin). You can of course use nmcli for that
too, the problem is that then you need to configure the right keys, and
that is not well documented. So, a good start is using the GUI, and
check what it does (with `nmcli connection show "$PROFILE"`). Or, read
the source code (in gitlab).

If you have a configuration file for libreswan, you also can import it
with nm-connection-editor or `nmcli connection import type libreswan
file "$FILENAME"`.


best,
Thomas
