#1 2023-01-31 13:43:36

sjoerd
Member
Registered: 2014-10-08
Posts: 2

connecting to IKEv2 strongswan server using networkmanager

I have set up a VPN server using these instructions: https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
And in particular I followed the IKEv2 instructions: https://github.com/hwdsl2/docker-ipsec- … -ikev2-vpn

On Android and Windows this works great, but on Arch I'm having trouble connecting and the level of detail is sparse.
So, more than a solution, I'd like to know if there is a way to manually connect? To get more verbose output? If there is a strongSwan logfile that I can inspect (didn't find one yet)?

What I did is to extract the p12 file into a ca.crt + client.crt + client.key. I enter these in the corresponding fields of the connection editor.
When I start the connection with nmcli I see:

$ sudo nmcli connection up vpn
Error: Connection activation failed: Unknown reason
Hint: use 'journalctl -xe NM_CONNECTION=83a5a9d0-953b-4310-8a65-f635e5b090ff + NM_DEVICE=wlan0' to get more details.

And the journal says:

Jan 31 14:35:04 bloom NetworkManager[1415]: <info>  [1675172104.2076] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: starting strongswan
Jan 31 14:35:04 bloom NetworkManager[1415]: <warn>  [1675172104.4066] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: dbus: failure: connect-failed (1)
Jan 31 14:35:04 bloom NetworkManager[1415]: <warn>  [1675172104.4067] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: dbus: failure: connect-failed (1)
Jan 31 14:35:04 bloom NetworkManager[1415]: <warn>  [1675172104.4071] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: dbus: failure: login-failed (0)

Googling hasn't helped a lot besides the suggestion that NetworkManager is likely more strict about the CA cert than Windows and/or Android and that I should check that names on certs match. But how do I see these? What has to match what? What did it get? And what did it expect to get? If that's even the issue.

And more generally: where do I find more verbose output about what's going wrong?

If anyone recognizes this issue and knows a solution, that would be more than welcome too but I imagine that would be too much to ask for without further information.

#2 2023-02-01 13:49:09

ecdsa
Member
Registered: 2012-12-17
Posts: 2

Re: connecting to IKEv2 strongswan server using networkmanager

It sounds like something is missing, e.g. charon-nm, which is strongSwan's NM backend that should get activated via D-Bus. If it was started, you'd see log messages in the journal (perhaps try journalctl without the filters).

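One way to act on the suggestion in post #2, as an added example that is not part of either post: a shell function that reads an unfiltered journal excerpt and reports whether charon-nm ever logged anything around the failed activation. The function names and the three verdict strings are made up for this example, the charon-nm line is constructed, and it assumes the default short journal format with charon-nm as the log identifier.

```sh
#!/bin/sh
# Added example. Reads journal lines (short format) on stdin and prints:
#   backend-logged : charon-nm wrote at least one line
#   backend-silent : NetworkManager started the strongswan plugin and reported
#                    a failure, but charon-nm never logged anything
#   no-attempt     : no strongswan activation in the excerpt
nm_vpn_triage() {
    awk '
        # Short format: "Mon DD HH:MM:SS host ident[pid]: message"
        { ident = $5; sub(/\[[0-9]+\]:$/, "", ident); sub(/:$/, "", ident) }
        ident == "charon-nm"                               { backend++ }
        ident == "NetworkManager" && /starting strongswan/ { started++ }
        ident == "NetworkManager" && /dbus: failure: /     { failed++ }
        END {
            if (backend)                print "backend-logged"
            else if (started && failed) print "backend-silent"
            else                        print "no-attempt"
        }'
}

# The four NetworkManager lines quoted in post #1.
sample_from_thread() {
    cat <<'EOF'
Jan 31 14:35:04 bloom NetworkManager[1415]: <info>  [1675172104.2076] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: starting strongswan
Jan 31 14:35:04 bloom NetworkManager[1415]: <warn>  [1675172104.4066] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: dbus: failure: connect-failed (1)
Jan 31 14:35:04 bloom NetworkManager[1415]: <warn>  [1675172104.4067] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: dbus: failure: connect-failed (1)
Jan 31 14:35:04 bloom NetworkManager[1415]: <warn>  [1675172104.4071] vpn[0x563988bf63b0,83a5a9d0-953b-4310-8a65-f635e5b090ff,"vpn"]: dbus: failure: login-failed (0)
EOF
}

# Constructed line (not from the thread): what a backend log entry looks like.
constructed_backend_line() {
    echo 'Jan 31 14:35:04 bloom charon-nm[2210]: 05[IKE] initiating IKE_SA vpn[1] to 203.0.113.10'
}

# Offline demo on the excerpt from post #1.
sample_from_thread | nm_vpn_triage

# On a live system, feed it the unfiltered journal for the current boot:
#   journalctl -b --no-pager | nm_vpn_triage
```

A `backend-silent` verdict means the certificate fields have not been evaluated yet, so the backend is the first thing to check; with `backend-logged`, the charon-nm lines themselves carry the detail.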
