Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC?
Solution 1
If you want a GUI solution, you can install an L2TP Network Manager plugin from ppa.
It can be done by
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp-gnome
It works with trusty and xenial, but the author did not build packages for vivid.
After you install the package you will be able to configure an L2TP connection in Network Manager
Update: Now the packages have been included in official Ubuntu repositories and PPA is not needed for Ubuntu 18.04+.
Solution 2
Are you comfortable with editing configuration files with a text editor? If so, I believe the answer of where to put the PSK is /etc/ipsec.secrets. You can try something like this:
: PSK "strongSwan"
The file is documented in man ipsec.secrets
or you can read about it here:
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets
Let us know if that doesn't work for you.
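As an added example (not part of the answer above and not strongSwan code), a small Python check for the PSK entries in /etc/ipsec.secrets that Solution 2 describes. It flags a world- or group-accessible file, a PSK line with no ID selectors, and placeholder or short secrets; the 20-character minimum, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
import stat

# Entry format: [selectors] : PSK "secret"  (secret may also be 0x<hex> or 0s<base64>)
PSK_LINE = re.compile(r'^(?P<sel>.*?)\s*:\s*PSK\s+(?P<secret>"[^"]*"|0[xs]\S+)\s*$')
MIN_LEN = 20                      # assumed local policy, not a strongSwan limit
SAMPLE_SECRETS = {"strongSwan"}   # the placeholder value quoted in the answer


def lint_secrets(text, mode):
    """Return (line_number, finding) pairs; line 0 refers to the file itself."""
    findings = []
    if stat.S_IMODE(mode) & 0o077:
        findings.append((0, "file is accessible to group/other; expected 0600"))
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PSK_LINE.match(line)
        if not m:
            continue              # RSA, EAP, XAUTH, include ... are out of scope here
        secret = m.group("secret")
        if not m.group("sel"):
            findings.append((lineno, "PSK has no ID selectors; it matches any peer"))
        if secret.startswith('"'):
            value = secret[1:-1]  # never echo the secret itself in a finding
            if value in SAMPLE_SECRETS:
                findings.append((lineno, "PSK is a documentation placeholder"))
            elif len(value) < MIN_LEN:
                findings.append((lineno, f"PSK shorter than {MIN_LEN} characters"))
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = '''\
# /etc/ipsec.secrets
: PSK "strongSwan"
vpn.example.com %any : PSK "short-psk"
203.0.113.10 : PSK "kq3V-constructed-sample-only-9fTz"
fec0::1 : PSK 0sdGhpcyBpcyBjb25zdHJ1Y3RlZA==
'''

if __name__ == "__main__":
    for lineno, finding in lint_secrets(SAMPLE, 0o100644):
        print(f"{lineno}: {finding}")
```

On a real host, pass the file's contents and `os.stat("/etc/ipsec.secrets").st_mode`; reading the file requires root.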
Updated on September 18, 2022
Comments
-
Pretzel almost 2 years
Previously, I was trying to figure out how to install the L2TP/IPSEC manager code. I guess Ubuntu/Canonical switched away from OpenSwan to StrongSwan, but didn't really announce it. So that was figured out in this AskUbuntu question: L2TP IPsec VPN client on Ubuntu 14.10
Since then, I've been trying to figure out how to use Pre-Shared Keys for Authentication to the Server. As shown in the screenshot, the Network Manager allows for a Certificate (.pem file), but not a Pre-shared key.
My network admin doesn't want to mess around with Certs because PSKs are good enough for the situation we're working with. I've already tested these PSKs with Windows and they work great.
He's given me 4 pieces of info.
- Server name
- PSK for said server
- User name
- password for said username
I can see on this screenshot where to put the server name and username, but cannot see where to put the PSK for the server, nor where to enter the password (maybe I'm prompted for that at connection time.)
Anyone know how to do this?
UPDATE: So I tried hackerb9's suggestion, but it didn't appear to do anything. I also tried alci's suggestion of downloading the 1.3.1 version of Network-Manager for L2TP and compiling manually. After installing a bunch of packages and re-running ./configure a few times, I eventually was able to "make" and then "make install" the code.
The plug-in for network manager now shows a Pre-shared Key option, but it still doesn't work. It now looks like this:
The problem with this is that the "Certificate" option is still being displayed (instead of the Pre-shared key field.)
Where in this Ubuntu Network Manager plugin am I supposed to enter the Pre-shared Key for Server authentication?
As an example for contrast, in Windows 8, it has an option that looks like this:
-
Admin over 9 years
It seems PSK was added in version 1.3.1 of the nm plugin, but utopic (or debian, for that matter) ships 1.3.0... see wiki.strongswan.org/issues/254. Maybe you should try to build it from download.strongswan.org/NetworkManager
-
Admin over 9 years
Ok, I'll give that a shot.
-
Admin over 9 years
So, I downloaded the source, ran the ./configure (which required that I install like 5 to 10 more missing packages), then ran make, and make install. Now, Pre-Shared Key shows up as an option in drop down for client. Unfortunately, Pre-Shared is still not an option for Server. (I'm using Pre-shared keys for both the Authentication to the Server as well as Username/Client AUTH.)
-
Admin about 9 years
Hey @Pretzel. Did you end up getting it working? I have the same exact issue (with the addition that I am using Gnome 3), and so far no success :S.
-
Admin over 8 years
Keep in mind that strongswan does not provide support for the l2tp part of L2TP/IPsec, but only for the IPsec. All settings in network-manager-strongswan relate to IKEv2
-
Pretzel over 9 years
Editing? Sure, no problem. I'll give this a shot and report back.
-
Pretzel over 9 years
Ok, I tried that. It prompted me for a password and said "VPN connection failed because of invalid VPN secrets." (As a side note, I found Windows eminently more helpful when it failed to connect. It usually had an error code/number. Where might I go to look for an error code? /var/log/ ???)
-
Jorge Castro over 9 years
@Pretzel You need to add this information (and the one from the other answer) into your question so that it's obvious to new people looking at the question.
-
Oxwivi over 8 years
Doesn't apply; there's nothing like Group configured.
-
Pilot6 over 8 years
Did you check "Enable IPsec"?
-
Oxwivi over 8 years
Sorry if I confused you; what I meant is, I've a PSK but no "group". Enabling the tunnel doesn't allow me to define PSK without Group Name.
-
Jeroen Vermeulen - MageHost over 7 years
Worked for me to connect to Ubiquiti EdgeMAX. I used group name "nogroup". I had to reboot after installing network-manager-l2tp from the PPA.
-
KansaiRobot about 4 years
Where does that first screen come from??
-
Pilot6 about 4 years
It comes from Network Manager -> VPN