[Swan] Configuring L2TP client using NetworkManager
doug at uq.edu.au
Fri Jun 3 01:28:44 EEST 2022
Correction, on Ubuntu to switch to libreswan with the network-manager-l2tp package, issue:
sudo apt install libreswan
From: Douglas Kosovic
Sent: Friday, 3 June 2022 8:25 AM
To: Josh <jvpn at use.startmail.com>
Cc: Swan at lists.libreswan.org
Subject: RE: [Swan] Configuring L2TP client using NetworkManager
As it is failing Quick Mode (phase 2) for libreswan but not strongswan, you try could clicking the "Disable PFS" checkbox in NetworkManager-l2tp's IPsec config dialog box, PFS is enabled by default with libreswan, but not with strongswan (where the option is greyed out).
Unrelated to this issue, but since you are using Fedora, I would recommend removing the blacklistings of L2TP kernel modules, see:
For historical reasons on Ubuntu, the network-manager-l2tp package default dependency is strongswan, to switch to libreswan, issue the following:
sudo dnf install libreswan
On Fedora, NetworkManager-l2tp will use strongswan if it can't find libreswan.
> On Jun 2, 2022, at 13:49, Josh <jvpn at use.startmail.com> wrote:
> Hello Paul,
> You are correct. I found instructions from a random VPN provider:
> Ubuntu 20 uses strongswan for l2tp/ipsec and connects to keenetic l2tp server just fine.
> Fedora 36 uses libreswan and connection to the same instance fails
> with error messages matching
> Could anyone suggest any debugging steps?
>> On 5/30/22 17:17, Paul Wouters wrote:
>>> On Fri, 27 May 2022, Josh wrote:
>>> Subject: [Swan] Configuring L2TP client using NetworkManager
>>> On my latest Fedora NetworkManager UI there are many different options.
>>> I tried to do my best finding places I need to enter four given above but result is still a failure.
>> Did you use install NetworkManager-l2tp-gnome and then select "add vpn" ?
>> gateway is the remote vpn host, username and password is what you
>> expect, and under "IPsec settings" at the bottom you can see "enable
>> IPsec" and "pre-shared key". Possibly under "advanced" you put in the
>> DNS name of the remote vpn server under "remote ID".
>>> Is there a manual to setup L2TP connection via NetworkManager UI?
>> Possibly, but I wouldn't know.
More information about the Swan