
#1 2021-11-25 14:11:57

besen
Member
Registered: 2017-03-11
Posts: 13

Networkmanager openswan plugin

I want to connect to a company VPN that uses IPSec and offers IKEv1 and IKEv2. Currently I'm using vpnc via networkmanager-vpnc and the KDE networkmanager plugin, but vpnc only supports IKEv1. As this is considered insecure, I want to use IKEv2, so I tried using openswan and configured everything in the KDE network manager. However, this doesn't work without the networkmanager-openswan plugin.
I can't find that plugin in either the official repositories or the AUR. However, it seems that there once was a networkmanager-openswan package (see: https://bbs.archlinux.org/viewtopic.php?id=216254)
Can someone tell me why there is no package anymore or where I could find networkmanager-openswan elsewhere?

I would also be fine with using strongswan or libreswan, where packages are available, but my company uses preshared keys, which I couldn't configure in the KDE network manager for strongswan. Does anyone know how to configure this? Would I need to write my own config files, or is it just not supported by networkmanager for strongswan/libreswan?

Thanks for any help in advance.

Offline

#2 2022-01-03 10:33:12

besen
Member
Registered: 2017-03-11
Posts: 13

Re: Networkmanager openswan plugin

push

Offline

#3 2022-01-03 11:11:54

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,425

Re: Networkmanager openswan plugin

In general, don't do that: https://wiki.archlinux.org/title/Genera … es#Bumping

I'd assume it got deprecated in favor of strongswan/libreswan. strongswan is what implements IKEv2, so focus on using/fixing that. I'm not sure what problems you have here; my KDE dialog definitely includes the ability to configure private keys. What doesn't work/is lacking exactly? Can you link to a screenshot of what you're seeing?

Offline

#4 2022-01-03 11:50:44

besen
Member
Registered: 2017-03-11
Posts: 13

Re: Networkmanager openswan plugin

I'm sorry about the bumping. I thought no one would read the thread if it's too old and posting again would be worse.
Thank you for your reply though. I think you confused private keys with preshared keys. My company uses preshared keys (passwords). The KDE dialog calls this Group password.
I can select EAP with strongswan but then I can only enter the user password but not the group password as I can with vpnc. Do you have any further tips?
Here are screenshots of vpnc and strongswan
https://i.ibb.co/nMFzrGY/Screenshot-vpnc.png
https://i.ibb.co/F4HC00W/Screenshot-strongswan.png

moderator edit -- replaced oversized images with links.
Pasting pictures and code

Last edited by 2ManyDogs (2022-01-03 13:25:33)

Offline

#5 2022-01-03 12:04:49

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Networkmanager openswan plugin

Shouldn't you select PSK instead of EAP?


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#6 2022-01-03 12:09:19

besen
Member
Registered: 2017-03-11
Posts: 13

Re: Networkmanager openswan plugin

Unfortunately PSK is not available in the drop-down menu.
https://i.ibb.co/g3g53r3/Screenshot-psk.png


moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by 2ManyDogs (2022-01-03 13:26:11)

Offline

#7 2022-01-03 12:34:10

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Networkmanager openswan plugin

Try it with the (gtk) nm-connection-editor instead. The KDE variant may be different.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#8 2022-01-03 13:27:35

2ManyDogs
Forum Moderator
Registered: 2012-01-15
Posts: 4,645

Re: Networkmanager openswan plugin

Please post only thumbnails or links to images.

besen, this is the second time in this thread a moderator has reminded you about the Rules. Please read General guidelines before you post again.


How to post. A sincere effort to use modest and proper language and grammar is a sign of respect toward the community.

Offline

#9 2022-01-03 16:08:25

besen
Member
Registered: 2017-03-11
Posts: 13

Re: Networkmanager openswan plugin

I'm not sure if I explained this correctly. The only login solution my company provided me with is a user/userpassword and a group/grouppassword (PSK). I was able to connect with vpnc (with IKEv1).
The reason I asked for the networkmanager-openswan plugin is that the KDE interface offers a group/group-password for openswan connections. See the screenshot here:
Screenshot-openswan.png

Offline

#10 2022-01-03 16:22:47

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,425

Re: Networkmanager openswan plugin

Yeah, I checked over the sources now; the KDE UI lacks support for the PSK mode. As mentioned, you can check whether the GTK networkmanager clients properly allow you to set this up; after setting it up you should trivially be able to use KDE's UI for plain connection purposes.

It technically also doesn't look too hard to implement; maybe consider making a feature request on bugs.kde.org against plasma-nm to have the PSK mode added. From a strongswan perspective this should all be possible.

Last edited by V1del (2022-01-03 16:23:05)

Offline

#11 2022-01-03 17:43:43

besen
Member
Registered: 2017-03-11
Posts: 13

Re: Networkmanager openswan plugin

I found this thread that also explains that the PSK authentication isn't implemented in the KDE network manager.
https://unix.stackexchange.com/question … ication-op

I can select PSK in the GTK network-manager, but I'm not sure how I would configure that, as there are no fields for group name and group password.

Screenshot-strongswan-gtk.png

Offline

#12 2022-01-10 09:47:30

besen
Member
Registered: 2017-03-11
Posts: 13

Re: Networkmanager openswan plugin

Today I tried installing networkmanager-libreswan from the AUR, because I read that some distros use libreswan as a replacement for openswan. After that, the KDE network manager didn't complain that I did not install the correct plugin for openswan, so that seemed to work. But it reported that the VPN connection failed to activate. This is my journal:

Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7308] audit: op="connection-activate" uuid="3102e324-ab6b-46e6-aac2-6cd964f9c1fc" name="New vpn connection" pid=5571 uid=1000 result="success"
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7308] audit: op="connection-activate" uuid="3102e324-ab6b-46e6-aac2-6cd964f9c1fc" name="New vpn connection" pid=5571 uid=1000 result="success"
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7308] audit: op="connection-activate" uuid="3102e324-ab6b-46e6-aac2-6cd964f9c1fc" name="New vpn connection" pid=5571 uid=1000 result="success"
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7308] audit: op="connection-activate" uuid="3102e324-ab6b-46e6-aac2-6cd964f9c1fc" name="New vpn connection" pid=5571 uid=1000 result="success"
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7308] audit: op="connection-activate" uuid="3102e324-ab6b-46e6-aac2-6cd964f9c1fc" name="New vpn connection" pid=5571 uid=1000 result="success"
Jan 10 10:34:19 spreewald kernel: audit: type=1111 audit(1641807259.726:186): pid=1100 uid=0 auid=4294967295 ses=4294967295 msg='op=connection-activate uuid=3102e324-ab6b-46e6-aac2-6cd964f9c1fc name=4E65772076706E20636F6E6E656374696F6E pid=5571 uid=1000 result=success exe="/usr/bin/Netwo>
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7378] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: Started the VPN service, PID 27327
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7527] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: Saw the service appear; activating connection
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: Unhandled VPN connection state change:  2
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: virtual NMVariantMapMap SecretAgent::GetSecrets(const NMVariantMapMap&, const QDBusObjectPath&, const QString&, const QStringList&, uint)
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: Path: "/org/freedesktop/NetworkManager/Settings/9"
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: Setting name: "vpn"
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: Hints: ()
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: Flags: 4
Jan 10 10:34:19 spreewald kded5[1654]: plasma-nm: Unhandled VPN connection state change:  3
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7858] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN plugin: state changed: starting (3)
Jan 10 10:34:19 spreewald NetworkManager[1100]: <info>  [1641807259.7859] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN connection: (ConnectInteractive) reply received
Jan 10 10:34:19 spreewald NetworkManager[27333]: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
Jan 10 10:34:20 spreewald NetworkManager[27589]: ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied
Jan 10 10:34:20 spreewald pluto[27591]: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
Jan 10 10:34:20 spreewald pluto[27591]: FATAL ERROR: NSS: initialization using read-only database "sql:/var/lib/ipsec/nss" failed: SEC_ERROR 18 (0x12): security library: bad database.
Jan 10 10:34:20 spreewald NetworkManager[27595]: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
Jan 10 10:34:20 spreewald NetworkManager[27599]: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
Jan 10 10:34:20 spreewald NetworkManager[27602]: connect(pluto_ctl) failed: No such file or directory
Jan 10 10:34:20 spreewald libipsecconf[27602]: connect(pluto_ctl) failed: No such file or directory
Jan 10 10:34:20 spreewald NetworkManager[1100]: <warn>  [1641807260.3878] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN plugin: failed: connect-failed (1)
Jan 10 10:34:20 spreewald NetworkManager[1100]: <warn>  [1641807260.3878] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN plugin: failed: connect-failed (1)
Jan 10 10:34:20 spreewald NetworkManager[1100]: <info>  [1641807260.3878] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN plugin: state changed: stopping (5)
Jan 10 10:34:20 spreewald NetworkManager[27603]: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
Jan 10 10:34:20 spreewald NetworkManager[1100]: <info>  [1641807260.3890] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN plugin: state changed: stopped (6)
Jan 10 10:34:20 spreewald NetworkManager[1100]: <info>  [1641807260.3909] vpn-connection[0x55e3758b4300,3102e324-ab6b-46e6-aac2-6cd964f9c1fc,"New vpn connection",0]: VPN service disappeared

Offline
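The journal in post #12 reads more clearly cause-first than in time order. The following is an added example, not part of any post in this thread, that ranks the messages so the missing NSS directory surfaces ahead of the `whack` and NetworkManager symptoms. The rule labels and their ranking are assumptions of this example; the sample lines are abridged from the journal above.

```python
import re
from collections import Counter

# Ordered from cause to symptom: a lower index is closer to the root cause.
# Labels are this example's own names, not libreswan or NetworkManager terms.
RULES = [
    ("nss-dir-missing",
     re.compile(r'destination directory "([^"]+)" is missing or permission denied')),
    ("pluto-nss-init-failed",
     re.compile(r'pluto\[\d+\]: FATAL ERROR: NSS: initialization using .*"([^"]+)" failed')),
    ("pluto-not-running",
     re.compile(r'whack: Pluto is not running \(no "([^"]+)"\)')),
    ("nm-plugin-failed",
     re.compile(r"VPN plugin: failed: (\S+)")),
]

# Abridged from the journal in post #12 (timestamps and hostname dropped).
SAMPLE = '''\
NetworkManager[27333]: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
NetworkManager[27589]: ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied
pluto[27591]: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
pluto[27591]: FATAL ERROR: NSS: initialization using read-only database "sql:/var/lib/ipsec/nss" failed: SEC_ERROR 18 (0x12): security library: bad database.
NetworkManager[27595]: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
NetworkManager[27602]: connect(pluto_ctl) failed: No such file or directory
NetworkManager[1100]: <warn>  vpn-connection[...]: VPN plugin: failed: connect-failed (1)
'''

def triage(lines):
    """Return (rank, label, detail, count) tuples, closest-to-cause first."""
    hits = Counter()
    for line in lines:
        for rank, (label, rx) in enumerate(RULES):
            m = rx.search(line)
            if m:
                hits[(rank, label, m.group(1))] += 1  # repeated lines collapse
                break
    return [key + (n,) for key, n in sorted(hits.items())]

def root_cause(lines):
    """Top-ranked finding as (label, detail), even if a symptom was logged first."""
    findings = triage(lines)
    return findings[0][1:3] if findings else None

if __name__ == "__main__":
    for rank, label, detail, count in triage(SAMPLE.splitlines()):
        print(f"{rank}  {label:<22} {detail}  (x{count})")
```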
