[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
This has frustrated me for a month or so... I can get onto my work VPN via the ShrewSoft client (ike and ike-qtgui) but it's not integrated with NetworkManager (and overwrites /etc/resolv.conf, interfering with it). You have to resort to manual configuration of the dnsmasq instance created by NetworkManager in order to get it to play nice with managed connections - turn off the DNS settings in the ShrewSoft client and add them manually to dnsmasq to stop it overwriting /etc/resolv.conf The manual config above may also work, but likewise, won't play nice with other NetworkManager connections. The NM plugin for StrongSwan has been updated to support PSK but I don't know if this means it supports IKEv1... it imposes a 20 character minimum, and of course, my network admin has configured a PSK shorter than this, so I can't test it. I agree with the sentiments expressed above that removing support for an exceedingly common (if not best-practice) VPN configuration does not create the best impression of Ubuntu. RedHat has retained support via the NetworkManager-libreswan plugin as described in the page below. https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec- Securing_Virtual_Private_Networks.html Sadly, Debian still has libreswan in the "experimental" section. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
Answer #4 here: http://askubuntu.com/questions/617785/how-to-connect-to-l2tp-over-ipsec-vpn Cheers :-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
Very interested! Please share! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
Finally got it to work after hours of fiddling. l2tp connection with psk and xauth, configured via conffiles. Ubuntu 15.10, strongswan 5.1.2-0ubuntu6.2 Had to remove package xl2tpd (1.3.6+dfsg-3) - crashed with segfault every time while trying to connect. Manually installed openl2tp_1.8-1_amd64.deb from: ftp://ftp.openl2tp.org/releases/openl2tp-1.8/debian-squeeze/openl2tp_1.8-1_amd64.deb Work much better than my last attempt on 14.04 (openswan+pluto+openl2tp) I have to start the connection manually (will write a short script for it, but for now it's OK) Will post my conffiles if someone will be interested in ;-) But it will be great to have a network-manager plugin to manage such a connection. Cheers Gimbus109 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
** Description changed: - Since OpenSwan and xl2tpd have been completely removed from 15.04 and - StrongSwan-network-manager shipped (1.3.0-2) doesn't support pre-shared - keys (support added in 1.3.1) many users will not be able to connect to + Since OpenSwan has been completely removed from 15.04 and StrongSwan- + network-manager shipped (1.3.0-2) doesn't support pre-shared keys + (support added in 1.3.1) many users will not be able to connect to business VPNs after the upgrade to 15.04. This is a critical requirement for many users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
n.b. over email Tobias, the developer of StrongSwan said to me: "We have absolutely no intentions of ever adding support for L2TP (or IKEv1 for that matter) to our NM plugin. So I doubt there will be any traction on this issue (unless Canonical tracks back and readds the removed Openswan/Libreswan stuff). You should perhaps consider using a more modern VPN protocol, for instance, IKEv2. appliances (at least some of them) support that too." However it is not possible to create "on demand"/random source IPSec VPNs using IKEv2 on the appliances that I'm using, so I'm back tot he beginning again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
Thanks Tobias, unfortunately I've tried this multiple times using multiple different guides on different versions of Ubuntu and have never got this solution to work. I can never get a response to the INFORMATIONAL_V1 request packet and the server complains that it's receiving an unencrypted packet on an encrypted port. I'm not trying to turn this into a support ticket though, the reason I mention this is to point out that even for experienced users it's VERY difficult to configure via the files, and is not user friendly. For this reason the feature has been effectively removed for 95% of Ubuntu users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
strongSwan's NM plugin only supports IKEv2. IKEv1 and in particular L2TP are not supported by that GUI (they could be configured via config files though). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
I've also tried this in 15.10. It offers the PSK option now but still only for IPSec as far as I can see. There doesn't seem to be any way of setting up an L2TP connection. Can others confirm this? Is there any way to escalate this to Canonical without signing up for Enterprise support? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
This begs 2 questions from my end: 1. How does the removal of such a critical VPN component get past QA? 2. How is it that the very vulnerable PPTP VPN is still readily available while a more secure option gets tossed to the gutter? Can anyone at Canonical please answer these questions? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1457078] Re: L2TP client support for PSK removed from 15.04/15.10
The issue is still present in 15.10 as well. ** Summary changed: - L2TP client support for PSK removed from 15.04 + L2TP client support for PSK removed from 15.04/15.10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1457078 Title: L2TP client support for PSK removed from 15.04/15.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1457078/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs