Issue #1062
No password dialog on Ubuntu distros for IKEv2/eap-mschapv2 strongswan-nm
Description
Hi - I have a reproducible error on Ubuntu 14.0.4.2 and Linux Mint 17.1 and 17.2. When I create a VPN connection using Network Connections (NetworkManager, i.e. strongswan-nm & network-manager-strongswan) I am able to save the connection but it does not prompt me for a password. Later, opening the connection in Network Settings and editing the connection, I get (Error: unable to load VPN connection editor) in the GUI. Also, the only EAP choice available in the create connection dialog is EAP. I installed other strongswan-eap-xxx plug-in packages and they do not show up in the list either. Not sure if this is a package problem or not. I posted this: https://forum.pfsense.org/index.php?topic=97740.msg544440#msg544440 detailing the packages installed and sent an email to pkg-swan-devel AT lists.alioth.debian.org. Other data:
Mint17-PC ~ # ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.16.0-38-generic, x86_64):
uptime: 43 hours, since Aug 07 05:51:12 2015
malloc: sbrk 2539520, mmap 0, used 435888, free 2103632
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon test-vectors ldap sqlite aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl gmp xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-noauth dhcp error-notify radattr addrblock
Listening IP addresses:
192.168.1.8
2605:a000:1506:410e:_edited for brevity_
Connections:
Security Associations (0 up, 0 connecting):
none
Mint17-PC ~ # cat /var/log/syslog|grep charon
Aug 9 01:15:10 Mint17-PC charon-nm: 00[DMN] Starting charon NetworkManager backend (strongSwan 5.1.2)
Aug 9 01:15:10 Mint17-PC charon-nm: 00[LIB] created TUN device: tun0
Aug 9 01:15:10 Mint17-PC NetworkManager[880]: <error> [1439100910.503204] [nm-vpn-connection.c:1324] plugin_need_secrets_cb(): (c551636a-e2d8-41e0-95ff-0948319da34b/Mail Haus) plugin NeedSecrets request #1 failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.5" (uid=0 pid=880 comm="NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager.strongswan" (uid=0 pid=4189 comm="/usr/lib/ipsec/charon-nm ")
Aug 9 01:15:10 Mint17-PC NetworkManager[880]: <warn> error disconnecting VPN: Rejected send message, 1 matched rules; type="method_call", sender=":1.5" (uid=0 pid=880 comm="NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager.strongswan" (uid=0 pid=4189 comm="/usr/lib/ipsec/charon-nm ")
Aug 9 01:15:10 Mint17-PC charon-nm: 00[LIB] loaded plugins: nm-backend charon-nm ldap aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pem openssl gmp xcbc cmac hmac ctr ccm gcm kernel-netlink socket-default eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap
Aug 9 01:15:10 Mint17-PC charon-nm: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
Aug 9 01:15:10 Mint17-PC charon-nm: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 9 01:15:10 Mint17-PC charon-nm: 00[JOB] spawning 16 worker threads
Aug 9 01:15:15 Mint17-PC charon-nm: 00[DMN] signal of type SIGTERM received. Shutting down
Aug 9 01:15:15 Mint17-PC charon: 01[KNL] interface tun0 deleted
Mint17-PC ~ #
Thank you very much.
History
#1 Updated by Mike W about 10 years ago
EDIT: You do not need the Network Settings dialog to get StrongSwan client eap-mschapv2 to work. The error in NetworkManager under the Network Settings dialog (Error: unable to load VPN connection editor) continues through 5.3.2. However, there is a workaround. Download and build from scratch 5.3.2. Ubuntu is shipping 5.1.x. Follow these instructions: https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager using the following ./configure options for charon:
./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib --enable-aes --disable-des --disable-md5 --enable-sha1 --enable-sha2 --enable-fips-prf --enable-gmp --enable-openssl --enable-nm --enable-agent --enable-eap-gtc --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-identity --enable-md4
and for charon-nm (from the link)
./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib/NetworkManager --with-charon=/usr/lib/ipsec/charon-nm
THEN edit /etc/NetworkManager/VPN/nm-strongswan-service.name and add the following line under [GNOME]
"supports-external-ui-mode=true" without quotes.
Now create your connection with the Network Connections dialog (please note the difference between Network Settings and Network Connections). Invoke your newly defined connection under VPN Connections and a dialog will appear asking to save the password, and you will be connected. The graphical interface as pictured in the instructions above is misleading. When you click save... the dialog does not pop up as you would expect looking at the picture, rather it is invoked when you make the connection. Using Network Settings and editing your connection by selecting Identity does not work.
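The edit to nm-strongswan-service.name described in the comment above can be applied idempotently. This is an added example, not part of the original comment or of the strongSwan project. The function names `ensure_ini_key` and `apply_ini_key` are hypothetical, and the sample file contents are constructed, not the real file.

```shell
#!/bin/sh
# Added example: set KEY=VALUE under [SECTION] of an INI-style file.
# ensure_ini_key writes the result to stdout and leaves the input untouched.
ensure_ini_key() {  # $1=file $2=section $3=key $4=value
    awk -v sect="$2" -v key="$3" -v val="$4" '
        /^\[.*\]$/ {
            in_sect = ($0 == "[" sect "]")
            print
            # Write the key directly below the first matching section header.
            if (in_sect && !done) { print key "=" val; done = 1 }
            next
        }
        # Drop any existing copy of the key inside the section (rewritten above).
        in_sect && index($0, key "=") == 1 { next }
        { print }
        END {
            # Section missing entirely: append it with the key.
            if (!done) { print "[" sect "]"; print key "=" val }
        }
    ' "$1"
}

# Apply in place, keeping a .bak copy; does nothing if the file is already correct.
apply_ini_key() {  # same arguments as ensure_ini_key
    tmp=$(mktemp) || return 1
    ensure_ini_key "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$1"; then rm -f "$tmp"; return 0; fi
    cp -p "$1" "$1.bak" && cat "$tmp" > "$1"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample (contents are assumptions, not the shipped file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[VPN Connection]
name=strongswan

[GNOME]
auth-dialog=/path/to/auth-dialog
EOF
apply_ini_key "$demo" GNOME supports-external-ui-mode true
cat "$demo"
```

On a real system the target would be /etc/NetworkManager/VPN/nm-strongswan-service.name, run as root.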
#2 Updated by Tobias Brunner almost 9 years ago
- Category changed from configuration to networkmanager (charon-nm)
- Status changed from New to Closed
- Resolution set to Fixed
This should be fixed with the current version of the NM plugin.