Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC?


Solution 1

If you want a GUI solution, you can install an L2TP Network Manager plugin from a PPA.

It can be done by

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp-gnome

It works with trusty and xenial, but the author did not build packages for vivid.

After you install the package, you will be able to configure an L2TP connection in Network Manager.

Update: The packages have now been included in the official Ubuntu repositories, and the PPA is not needed for Ubuntu 18.04+.


Solution 2

Are you comfortable with editing configuration files with a text editor? If so, I believe the answer of where to put the PSK is /etc/ipsec.secrets. You can try something like this:

: PSK "strongSwan" 

The file is documented in man ipsec.secrets or you can read about it here:

https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets

Let us know if that doesn't work for you.
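
A check for the file Solution 2 points to, as an added example that is not part of the original answer: it flags an ipsec.secrets-style file that group or other users can access, a PSK line with no peer selector, and a quoted secret that is still the sample value or is short. The function name `audit_ipsec_secrets` and the `MIN_PSK_LEN` threshold (default 20) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint an ipsec.secrets-style file for PSK hygiene.
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 if unreadable.
# Secrets themselves are never printed.
audit_ipsec_secrets() (
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)

    out=$(
        # The PSK is stored in cleartext, so only the owner should have access.
        [ "$perms" = "------" ] || echo "PERM: group/other can access $file (use chmod 600)"

        awk -v min="${MIN_PSK_LEN:-20}" '
            # Skip comments and anything that is not a "<selectors> : PSK <secret>" line.
            /^[ \t]*#/ || !/:[ \t]*PSK[ \t]/ { next }
            {
                sel = $0; sub(/[ \t]*:[ \t]*PSK[ \t].*$/, "", sel)
                gsub(/^[ \t]+/, "", sel)
                sec = $0; sub(/^.*:[ \t]*PSK[ \t]+/, "", sec)
                sub(/[ \t]+$/, "", sec)

                # An empty selector list (or %any) offers this PSK to every peer.
                if (sel == "" || sel ~ /%any/)
                    printf "SCOPE: line %d: PSK is not bound to a peer\n", NR

                # Only quoted secrets are length-checked; 0x/0s encodings are left alone.
                if (sec ~ /^".*"$/) {
                    sec = substr(sec, 2, length(sec) - 2)
                    if (sec == "strongSwan")
                        printf "WEAK: line %d: sample secret left in place\n", NR
                    else if (length(sec) < min)
                        printf "WEAK: line %d: quoted secret shorter than %d characters\n", NR, min
                }
            }' "$file"
    )

    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
)
```

Run it as `audit_ipsec_secrets /etc/ipsec.secrets` with sufficient privileges to read the file.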

Author by

Pretzel

Pretzel is a bit Twisted and sometimes a little Salty; He always goes great with beer!

Updated on September 18, 2022

Comments

  • Pretzel
    Pretzel almost 2 years

    enter image description here

    Previously, I was trying to figure out how to install the L2TP/IPSEC manager code. I guess Ubuntu/Canonical switched away from OpenSwan to StrongSwan, but didn't really announce it. So that was figured out in this AskUbuntu question: L2TP IPsec VPN client on Ubuntu 14.10

    Since then, I've been trying to figure out how to use Pre-Shared Keys for Authentication to the Server. As shown in the screenshot, the Network Manager allows for a Certificate (.pem file), but not a Pre-shared key.

    My network admin doesn't want to mess around with Certs because PSKs are good enough for the situation we're working with. I've already tested these PSKs with Windows and they work great.

    He's given me 4 pieces of info.

    • Server name
    • PSK for said server
    • User name
    • password for said username

    I can see on this screenshot where to put the server name and username, but cannot see where to put the PSK for the server, nor where to enter the password (maybe I'm prompted for that at connection time.)

    Anyone know how to do this?

    UPDATE: So I tried hackerb9's suggestion, but it didn't appear to do anything. I also tried alci's suggestion of downloading the 1.3.1 version of Network-Manager for L2TP and compiling manually. After installing a bunch of packages and re-running ./configure a few times, I eventually was able to "make" and then "make install" the code.

    The plug-in for network manager now shows a Pre-shared Key option, but it still doesn't work. It now looks like this:

    enter image description here

    The problem with this is that the "Certificate" option is still being displayed (instead of the Pre-shared key field.)

    Where in this Ubuntu Network Manager plugin am I supposed to enter the Pre-shared Key for Server authentication?

    As an example for contrast, in Windows 8, it has an option that looks like this:

    enter image description here

    • Admin
      Admin over 9 years
      It seems PSK was added in version 1.3.1 of the nm plugin, but utopic (or debian, for that matter) ships 1.3.0... see wiki.strongswan.org/issues/254 Maybe you should try to build it from download.strongswan.org/NetworkManager
    • Admin
      Admin over 9 years
      Ok, I'll give that a shot.
    • Admin
      Admin over 9 years
      So, I downloaded the source, ran the ./configure (which required that I install like 5 to 10 more missing packages), then ran make, and make install. Now, Pre-Shared Key shows up as an option in drop down for client. Unfortunately, Pre-Shared is still not an option for Server. (I'm using Pre-shared keys for both the Authentication to the Server as well as Username/Client AUTH.)
    • Admin
      Admin about 9 years
      Hey @Pretzel. Did you end up getting it working? I have the same exact issue (with the addition that I am using Gnome 3), and so far no success :S.
    • Admin
      Admin over 8 years
      Keep in mind that strongswan does not provide support for the l2tp part of L2TP/IPsec, but only for the IPsec. All settings in network-manager-strongswan relate to IKEv2.
  • Pretzel
    Pretzel over 9 years
    Editing? Sure, no problem. I'll give this a shot and report back.
  • Pretzel
    Pretzel over 9 years
    Ok, I tried that. It prompted me for a password and said "VPN connection failed because of invalid VPN secrets." (As a side note, I found Windows eminently more helpful when it failed to connect. It usually had an error code/number. Where might I go to look for an error code? /var/log/ ???)
  • Jorge Castro
    Jorge Castro over 9 years
    @Pretzel You need to add this information (and the one from the other answer) into your question so that it's obvious to new people looking at the question.
  • Oxwivi
    Oxwivi over 8 years
    Doesn't apply; there's nothing like Group configured.
  • Pilot6
    Pilot6 over 8 years
    Did you check "Enable IPsec"?
  • Oxwivi
    Oxwivi over 8 years
    Sorry if I confused you; what I meant is, I've a PSK but no "group". Enabling the tunnel doesn't allow me to define PSK without Group Name.
  • Jeroen Vermeulen - MageHost
    Jeroen Vermeulen - MageHost over 7 years
    Worked for me to connect to Ubiquiti EdgeMAX. I used group name "nogroup". I had to reboot after installing network-manager-l2tp from the PPA.
  • KansaiRobot
    KansaiRobot about 4 years
    Where does that first screen come from?
  • Pilot6
    Pilot6 about 4 years
    It comes from Network Manager -> VPN