On 25.01.21 at 16:13, Thomas Haller wrote:
> On Mon, 2021-01-25 at 13:36 +0100, michaelof--- via networkmanager-list
> wrote:
>> Hi all,
>>
>>
>>
>> first post to this mailing list, after being subscribed.
>>
>>
>> I've got trouble with a VPN connection from several LINUX systems
>> tested (and also Android) to an IPsec/L2TP VPN on a MSWIN server. FYI
>> Windows to Windows connection works fine, at once, with MSWIN default
>> settings, tested on a VM running in my Linux (OpenSuse) box. 
>>
>> Detailed description here:
>> https://forums.opensuse.org/showthread.php/549340-VPN-(ipsec-l2tp)-to-windows-server
>> No solution.
>>
>> Asked also here:
>> https://lists.openswan.org/pipermail/users/2021-January/023799.html
>> No answer.
>>
>>
>> So trying here if I maybe could get a hint for narrowing down
>> further: As written to the openswan mailing list, it might be
>> possible that setting "leftprotoport=udp/%any" to the IPsec settings
>> would solve the problem (Found here:
>> https://lists.openswan.org/pipermail/users/2013-July/022547.html)
>>
>> But I have no clue how/where to enter this param, adding to
>> /etc/ipsec.conf does not help.
>>
>> Could you give me some hints how NetworkManager works internally,
>> when setting up an IPsec connection? I've got the impression that
>> NetworkManager creates some "temporary" connections, where are they
>> stored? And how can I debug them?
>>
> 
> 
> Hi,
> 
> 
> On Linux, there are (at least) two IPSec implementations: strongswan and
> libreswan (formerly openswan). Both have a VPN plugin for
> NetworkManager.
> 
> The libreswan plugin is here:
> https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/
> 
> 
> As always in NetworkManager, you create a "connection profile" with the
> settings for your VPN. The simplest way is via nm-connection-editor
> (and installing the GTK plugin). You can of course use nmcli for that
> too, the problem is that then you need to configure the right keys, and
> that is not well documented. So, a good start is using the GUI, and
> check what it does (with `nmcli connection show "$PROFILE"`). Or, read
> the source code (in gitlab).
> 
> If you have a configuration file for libreswan, you also can import it
> with nm-connection-editor or `nmcli connection import type libreswan
> file "$FILENAME"`.
> 
> 
> best,
> Thomas
> 

Hi Thomas,

THANKS for answering! And thanks for the hints for nmcli, never used/being
aware of it before.
Checked my (OpenSuse) system, I've strongswan installed. OpenSuse 
NetworkManager plugin repo pkgs exist for both strongswan and libreswan. 
Installed the strongswan plugin, but I'm confused: I'm getting an option now 
for the creation of "VPN based on IPsec (strongswan) / VPN based in IPsec, 
IKEv1, IKEv2". But trying this option does not provide me any L2TP options.
So - I'm not a vpn expert - I think that my originally used NetworkManager
vpn plugin "NetworkManager-l2tp"/"NetworkManager-l2tp-gnome" seems to be the 
correct one. If working :(
Mystic to me is the way how NetworkManager "triggers" the interaction between 
the IPsec part and the L2TP part within this plugin: At first encrypted IPsec 
connections seem to be established, using existing strongswan installation
(no idea how to "tell" to use libreswan instead, if additionally installed). 
And secondly, the L2TP part seems to fail, whyever. Hint from strongswan
mailing list's earlier thread was to set "leftprotoport=udp/l2tp 
rightprotoport=udp/any", but I've no idea where and how in combination with 
NetworkManager.

Michael