Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Tom Hughes via devel

Fedora also doesn't ship openswan so a plugin wouldn't be very useful.

There does seem to be a plasma-nm-strongswan though, but not one for
libreswan that I can see.

Also NetworkManager's libreswan plugin used to be called openswan
up to version 1.0.0 when it was renamed (libreswan is a fork of
openswan) so I suspect the plasma-nm-openswan is really configuring
the libreswan plugin now and nmcli may well still accept openswan
as an alias I guess?

Tom

On 02/11/2021 18:16, Mattia Verga via devel wrote:
That's the reason of my confusion: Fedora doesn't ship NM plugin for 
openswan, but ships libreswan and strongswan plugins. Yet, plasma-nm 
doesn't have an interface to create/manage libreswan or strongswan VPNs, 
but it has interface for openswan.


Creating an openswan VPN connection either in plasma-nm or directly in 
nmcli seems to work in some way... but how, since there is no plugin?



Sent from ProtonMail mobile

Original message
On 2 Nov 2021, 15:23, Petr Pisar < ppi...@redhat.com> wrote:

On Tue, Nov 02, 2021 at 02:08:58PM +, Mattia Verga via devel wrote:
 > mmm, but if I:
 > $ nmcli conn add type vpn vpn-type openswan
 >
 > it creates a vpn of vpn-type=org.freedesktop.NetworkManager.openswan,
 > while if I:
 > $ nmcli conn add type vpn vpn-type libreswan
 >
 > it creates a vpn-type=org.freedesktop.NetworkManager.libreswan
 >
 > Do you mean that both are using the same implementation even if they
 > seem to point to different plugins?
 >
No. I think each plugin uses a different implementation. I made few mistakes
in my previous reply and I explained them later. I'm sorry.

-- Petr
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org


Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure







--
Tom Hughes (t...@compton.nu)
http://compton.nu/
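
Tom's guess above, that the `openswan` service type may still be accepted as an alias of the libreswan plugin, can be checked against the plugin descriptor (`.name`) files NetworkManager reads. This is an added example, not part of any message in the thread: it scans a descriptor directory for a service type declared either as `service` or in `aliases`. The function names are hypothetical and the descriptor contents are constructed samples; the alias line models Tom's guess rather than quoting a real file.

```shell
#!/bin/sh
# find_vpn_plugin DIR SERVICE_TYPE
# Prints "<file> <plugin-name> service|alias" for every descriptor in DIR that
# claims SERVICE_TYPE; returns 1 when no descriptor claims it.
find_vpn_plugin() {
    dir=$1 want=$2 found=1
    for f in "$dir"/*.name; do
        [ -f "$f" ] || continue
        hit=$(awk -F= -v want="$want" '
            /^\[/ { in_sec = ($0 == "[VPN Connection]"); next }
            !in_sec { next }
            $1 == "name" { name = $2 }
            $1 == "service" && $2 == want { how = "service" }
            $1 == "aliases" {
                n = split($2, a, ";")          # key-file list separator
                for (i = 1; i <= n; i++)
                    if (a[i] == want && how == "") how = "alias"
            }
            END { if (how != "") print name, how }
        ' "$f")
        if [ -n "$hit" ]; then
            echo "$(basename "$f") $hit"
            found=0
        fi
    done
    return $found
}

# Constructed sample descriptors (assumption: not copied from a real system).
make_sample_descriptors() {
    d=$1
    cat > "$d/nm-libreswan-service.name" <<'EOF'
[VPN Connection]
name=libreswan
service=org.freedesktop.NetworkManager.libreswan
aliases=org.freedesktop.NetworkManager.openswan
program=/usr/libexec/nm-libreswan-service
EOF
    cat > "$d/nm-strongswan-service.name" <<'EOF'
[VPN Connection]
name=strongswan
service=org.freedesktop.NetworkManager.strongswan
program=/usr/libexec/nm-strongswan-service
EOF
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
make_sample_descriptors "$tmp"
for t in openswan libreswan strongswan nosuch; do
    find_vpn_plugin "$tmp" "org.freedesktop.NetworkManager.$t" ||
        echo "no installed plugin claims $t"
done
rm -rf "$tmp"
```

On an installed system the descriptors normally live in `/usr/lib/NetworkManager/VPN`, so pointing `find_vpn_plugin` at that directory with `org.freedesktop.NetworkManager.openswan` shows whether an installed plugin claims the openswan type and under which name.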


Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Mattia Verga via devel
That's the reason of my confusion: Fedora doesn't ship NM plugin for openswan, 
but ships libreswan and strongswan plugins. Yet, plasma-nm doesn't have an 
interface to create/manage libreswan or strongswan VPNs, but it has interface 
for openswan.

Creating an openswan VPN connection either in plasma-nm or directly in nmcli 
seems to work in some way... but how, since there is no plugin?

Sent from ProtonMail mobile

Original message
On 2 Nov 2021, 15:23, Petr Pisar wrote:

> On Tue, Nov 02, 2021 at 02:08:58PM +, Mattia Verga via devel wrote:
>> mmm, but if I:
>> $ nmcli conn add type vpn vpn-type openswan
>>
>> it creates a vpn of vpn-type=org.freedesktop.NetworkManager.openswan,
>> while if I:
>> $ nmcli conn add type vpn vpn-type libreswan
>>
>> it creates a vpn-type=org.freedesktop.NetworkManager.libreswan
>>
>> Do you mean that both are using the same implementation even if they
>> seem to point to different plugins?
>>
> No. I think each plugin uses a different implementation. I made few mistakes
> in my previous reply and I explained them later. I'm sorry.
>
> -- Petr


Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Petr Pisar
On Tue, Nov 02, 2021 at 02:08:58PM +, Mattia Verga via devel wrote:
> mmm, but if I:
> $ nmcli conn add type vpn vpn-type openswan
> 
> it creates a vpn of vpn-type=org.freedesktop.NetworkManager.openswan,
> while if I:
> $ nmcli conn add type vpn vpn-type libreswan
> 
> it creates a vpn-type=org.freedesktop.NetworkManager.libreswan
> 
> Do you mean that both are using the same implementation even if they
> seem to point to different plugins?
> 
No. I think each plugin uses a different implementation. I made few mistakes
in my previous reply and I explained them later. I'm sorry.

-- Petr




Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Petr Pisar
On Tue, Nov 02, 2021 at 09:24:33AM -0400, Simo Sorce wrote:
> Petr,
> your message comes back quite unclear.
> 
I'm sorry. I made a typo:

  So the answer is that nmcli in Fedora does NOT use Openswan

> I think what you mean is that because there were multiple related
> implementations of IPsec all derived by the same old project that NM
> decided to support them all under the name "openswan", but it is
> compatible also with configuring libreswan and strongswan which were
> forks of this project in the past and then developed independently.
>
> Just to be clear, IPsec *is* a protocol, and Openswan *is* an
> implementation, it's just that NM treats all of these implementations the
> same and handles them all with a single plugin.
> 
> It'd be nice if NM renamed its plugin to something that just uses the
> name IPsec, it would avoid a lot of confusion.
> 
And my repoquery was suboptimal:

# dnf -q repoquery --qf '%{name} %{summary}' 'NetworkManager*' |grep -i IPsec
NetworkManager-l2tp NetworkManager VPN plugin for L2TP and L2TP/IPsec
NetworkManager-l2tp-gnome NetworkManager VPN plugin for L2TP and L2TP/IPsec - GNOME files
NetworkManager-libreswan NetworkManager VPN plug-in for IPsec VPN
NetworkManager-strongswan NetworkManager strongSwan IPSec VPN plug-in

(See the IPsec misspelling at NetworkManager-strongswan.)

I wanted to say that each swan has its own plugin for NetworkManager.
Openswan also had its own. Maybe the swans are not fully interchangeable. Maybe
their packaging predates RPM rich dependencies. Also historically, there were
other, unrelated IPsec implementations (Pluto, Racoon) with a completely
different interface.

-- Petr





Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Mattia Verga via devel
On 02/11/21 13:15, Petr Pisar wrote:
> On Tue, Nov 02, 2021 at 09:46:28AM +, Mattia Verga via devel wrote:
>> I was trying to set up a VPN to my work company network. It seems I need
>> to use IPSec XAuth PSK, so I found some guide in internet that says to
>> set up a libreswan VPN.
>> I'm facing several problems, first of all I'm using Plasma KDE which
>> seems to not have a GUI for setup/editing libreswan VPNs. Plasma-nm only
>> has support for openswan. I've reported that upstream and downstream. So
>> I went setting up the VPN through nmcli: it doesn't work, but that's not
>> my point here.
>>
>> I was wondering how both plasma-nm and nmcli allow to setup an openswan
>> VPN since openswan has been retired in Fedora many years ago... it also
>> seems to work (well, in some way, since the connection fails) even if
>> there's no NM plugin or openswan package installed.
>> How is it possible? Does NM bundles some openswan library itself? If so,
>> is it updated (latest Fedora openswan build was 8 years ago) or there
>> may be any security concern?
>>
> An explanation is that you have mistaken IPsec as a protocol and Openswan as an
> implementation of the protocol. There are multiple implementations of IPsec.
> E.g. in Fedora we have Strongswan and Libreswan. And NetworkManager plugins
> for both of them:
>
> # dnf repoquery --qf '%{name} %{summary}' |grep IPsec
> NetworkManager-l2tp NetworkManager VPN plugin for L2TP and L2TP/IPsec
> NetworkManager-l2tp-gnome NetworkManager VPN plugin for L2TP and L2TP/IPsec - GNOME files
> NetworkManager-libreswan NetworkManager VPN plug-in for IPsec VPN
> ike-scan IKE protocol tool to discover, fingerprint and test IPsec VPN servers
> libreswan Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
> openvswitch-ipsec Open vSwitch IPsec tunneling support
> strongswan An OpenSource IPsec-based VPN and TNC solution
>
> So the answer is that nmcli in Fedora does use Openswan. It uses Strongswan or
> Libreswan.
>
> -- Petr

mmm, but if I:
$ nmcli conn add type vpn vpn-type openswan

it creates a vpn of vpn-type=org.freedesktop.NetworkManager.openswan,
while if I:
$ nmcli conn add type vpn vpn-type libreswan

it creates a vpn-type=org.freedesktop.NetworkManager.libreswan

Do you mean that both are using the same implementation even if they
seem to point to different plugins?

Mattia



Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Simo Sorce
On Tue, 2021-11-02 at 13:15 +0100, Petr Pisar wrote:
> On Tue, Nov 02, 2021 at 09:46:28AM +, Mattia Verga via devel wrote:
> > I was trying to set up a VPN to my work company network. It seems I need
> > to use IPSec XAuth PSK, so I found some guide in internet that says to
> > set up a libreswan VPN.
> > I'm facing several problems, first of all I'm using Plasma KDE which
> > seems to not have a GUI for setup/editing libreswan VPNs. Plasma-nm only
> > has support for openswan. I've reported that upstream and downstream. So
> > I went setting up the VPN through nmcli: it doesn't work, but that's not
> > my point here.
> > 
> > I was wondering how both plasma-nm and nmcli allow to setup an openswan
> > VPN since openswan has been retired in Fedora many years ago... it also
> > seems to work (well, in some way, since the connection fails) even if
> > there's no NM plugin or openswan package installed.
> > How is it possible? Does NM bundles some openswan library itself? If so,
> > is it updated (latest Fedora openswan build was 8 years ago) or there
> > may be any security concern?
> > 
> An explanation is that you have mistaken IPsec as a protocol and Openswan as an
> implementation of the protocol. There are multiple implementations of IPsec.
> E.g. in Fedora we have Strongswan and Libreswan. And NetworkManager plugins
> for both of them:
> 
> # dnf repoquery --qf '%{name} %{summary}' |grep IPsec
> NetworkManager-l2tp NetworkManager VPN plugin for L2TP and L2TP/IPsec
> NetworkManager-l2tp-gnome NetworkManager VPN plugin for L2TP and L2TP/IPsec - GNOME files
> NetworkManager-libreswan NetworkManager VPN plug-in for IPsec VPN
> ike-scan IKE protocol tool to discover, fingerprint and test IPsec VPN servers
> libreswan Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
> openvswitch-ipsec Open vSwitch IPsec tunneling support
> strongswan An OpenSource IPsec-based VPN and TNC solution
> 
> So the answer is that nmcli in Fedora does use Openswan. It uses Strongswan or
> Libreswan.

Petr,
your message comes back quite unclear.

I think what you mean is that because there were multiple related
implementations of IPsec all derived by the same old project that NM
decided to support them all under the name "openswan", but it is
compatible also with configuring libreswan and strongswan which were
forks of this project in the past and then developed independently.

Just to be clear, IPsec *is* a protocol, and Openswan *is* an
implementation, it's just that NM treats all of these implementations the
same and handles them all with a single plugin.

It'd be nice if NM renamed its plugin to something that just uses the
name IPsec, it would avoid a lot of confusion.

HTH,
Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc





Re: openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Petr Pisar
On Tue, Nov 02, 2021 at 09:46:28AM +, Mattia Verga via devel wrote:
> I was trying to set up a VPN to my work company network. It seems I need
> to use IPSec XAuth PSK, so I found some guide in internet that says to
> set up a libreswan VPN.
> I'm facing several problems, first of all I'm using Plasma KDE which
> seems to not have a GUI for setup/editing libreswan VPNs. Plasma-nm only
> has support for openswan. I've reported that upstream and downstream. So
> I went setting up the VPN through nmcli: it doesn't work, but that's not
> my point here.
> 
> I was wondering how both plasma-nm and nmcli allow to setup an openswan
> VPN since openswan has been retired in Fedora many years ago... it also
> seems to work (well, in some way, since the connection fails) even if
> there's no NM plugin or openswan package installed.
> How is it possible? Does NM bundles some openswan library itself? If so,
> is it updated (latest Fedora openswan build was 8 years ago) or there
> may be any security concern?
> 
An explanation is that you have mistaken IPsec as a protocol and Openswan as an
implementation of the protocol. There are multiple implementations of IPsec.
E.g. in Fedora we have Strongswan and Libreswan. And NetworkManager plugins
for both of them:

# dnf repoquery --qf '%{name} %{summary}' |grep IPsec
NetworkManager-l2tp NetworkManager VPN plugin for L2TP and L2TP/IPsec
NetworkManager-l2tp-gnome NetworkManager VPN plugin for L2TP and L2TP/IPsec - GNOME files
NetworkManager-libreswan NetworkManager VPN plug-in for IPsec VPN
ike-scan IKE protocol tool to discover, fingerprint and test IPsec VPN servers
libreswan Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
openvswitch-ipsec Open vSwitch IPsec tunneling support
strongswan An OpenSource IPsec-based VPN and TNC solution

So the answer is that nmcli in Fedora does use Openswan. It uses Strongswan or
Libreswan.

-- Petr




openswan/libreswan VPNs and NetworkManager

2021-11-02 Thread Mattia Verga via devel
I'm totally noob about VPNs and NetworkManager, so forgive me if I'm
writing something wrong.

I was trying to set up a VPN to my work company network. It seems I need
to use IPSec XAuth PSK, so I found some guide in internet that says to
set up a libreswan VPN.
I'm facing several problems, first of all I'm using Plasma KDE which
seems to not have a GUI for setup/editing libreswan VPNs. Plasma-nm only
has support for openswan. I've reported that upstream and downstream. So
I went setting up the VPN through nmcli: it doesn't work, but that's not
my point here.

I was wondering how both plasma-nm and nmcli allow to setup an openswan
VPN since openswan has been retired in Fedora many years ago... it also
seems to work (well, in some way, since the connection fails) even if
there's no NM plugin or openswan package installed.
How is it possible? Does NM bundles some openswan library itself? If so,
is it updated (latest Fedora openswan build was 8 years ago) or there
may be any security concern?

Mattia
