Hi, I'm trying to establish a VPN connection to our 5.6.0 SSwan server via the Network Manager in Ubuntu 16.04.3
I'm running an Ubuntu VM over Parallels /OSX. The VM is fully patched and up to date. 1st step was ot get cli version running and I can establish a VPN using "ipsec up as1558-mschap" Which uses eap-peap/mschapv2 to authenticate a user against our server. I then built the Network manager plugin ( v 1.4.2 ) as per https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager When creating a vpn I now have an option to create an iopsec/ikev2 (strongswan) vpn. I've left the general tab, ipv4 and ipv6 settings tabs at their default settings and only altered the VPN tab. Gateway address / vpn.york.ac.uk Certificate / None Client Authentication / EAP Username / <my userid at york.ac.uk Password / left at ask for password every time Options Request an inner IP address Enforce UDP encapsulation I can save the above but when I try enabling the vpn nothing visible hapens 1). I don't get prompted for a password 2). Having configured /var/log/strongswan.log nothing appears in it 3). Nothing appears at the vpn server /var/log/kern.log has Sep 7 12:35:24 deadpool NetworkManager[693]: <info> [1504784124.0851] audit: op="connection-activate" uuid="4c98e2da-b95e-49b2-b18d-e8591db70094" name="VPN connection 1" pid=19612 uid=1000 result="success" Sep 7 12:35:24 deadpool NetworkManager[693]: <warn> [1504784124.1173] vpn-connection[0xe7e260,4c98e2da-b95e-49b2-b18d-e8591db70094,"VPN connection 1",0]: Could not launch the VPN service. error: Failed to execute child process "/usr/libexec/ipsec/charon-nm" (No such file or directory). ... and its right ... there's no directory called /usr/libexec For strongswan I used ./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib \ --disable-aes --disable-des --disable-md5 --disable-sha1 --disable-sha2 \ --disable-fips-prf --disable-gmp --enable-openssl --enable-nm --enable-agent \ --enable-eap-gtc --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-identity \ --enable-curl --enable-eap-peap For NM I originally used ./configure --sysconfdir=/etc --prefix=/usr which generated the /usr/libexec/ipsec/chron-nm dies not exist error ..so I changed this to ./configure --sysconfdir=/etc --prefix=/usr --with-charon=/usr/lib/ipsec/charon-nm Having set the config to prompt for a password I get Sep 7 12:49:07 deadpool NetworkManager[693]: <info> [1504784947.9910] vpn-connection[0xe7e620,ae93fe4c-e311-4ef5-9c70-145323a361c8,"UoY SSwan",0]: Saw the service appear; activating connection Sep 7 12:49:08 deadpool NetworkManager[693]: <error> [1504784948.0145] vpn-connection[0xe7e620,ae93fe4c-e311-4ef5-9c70-145323a361c8,"UoY SSwan",0]: Failed to request VPN secrets #3: No agents were available for this request. Entered password manually and still got the same message in kern.log What have I missed ? Rgds Alex Rgds Alex
