Package Details: networkmanager-strongswan 1.4.1-1

Git Clone URL: https://aur.archlinux.org/networkmanager-strongswan.git (read-only)
Package Base: networkmanager-strongswan
Description: Strongswan NetworkManager plugin
Upstream URL: http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
Keywords: VPN
Licenses: GPL
Conflicts: networkmanager-strongswan-passwordstore
Submitter: Brinox
Maintainer: Brinox
Last Packager: Brinox
Votes: 13
Popularity: 2.533041
First Submitted: 2015-09-10 10:19
Last Updated: 2017-02-01 23:28

Pinned Comments

Brinox commented on 2015-09-10 10:22

!!! IMPORTANT !!!
The strongswan package needs to be compiled with "--enable-nm" to enable NetworkManager support.

Latest Comments

JamesK commented on 2017-04-20 09:45

@Brinox

Yes I am using both a PSK and password. I know its a bit silly but it was a quick deployment and configuration on my ERX router. I guess my only option is to change the certificate than.

Brinox commented on 2017-04-18 09:53

@JamesK: Are you using both PSK *and* username / password? I would opt for only one of those or switch over to using certificates if you're concerned about security. I don't think using both PSK and username / password is supported using the GUI only.

JamesK commented on 2017-04-18 09:45

When trying to setup a new VPN connection using PSK, I'm unable to input the PSK and save the configuration. I can enter the address, username, and password but I cant find anywhere to input the Pre-Shared-Key when I selected it as the form of Authentication.

amuri-de commented on 2017-04-03 04:54

if you get error like this:
==> Verifying source file signatures with gpg...
NetworkManager-strongswan-1.4.1.tar.bz2 ... FAILED (unknown public key 765FE26C6B467584)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build networkmanager-strongswan.

you can try to add pgp key with:
gpg --keyserver pool.sks-keyservers.net --recv-keys 765FE26C6B467584

I hope it will fix the problem

Brinox commented on 2017-02-20 18:46

@tapir: Your files may have 0777 access modifier but /home/<user> is normally 0700. I suggest installing the certificates under /etc/ipsec.d/ or similar because NetworkManager and charon-nm run as root.

tapir commented on 2017-02-18 17:57

I have my client certificates in the user home directory but when I try to connect to my VPN server, networkmanager complains that "Permission denied" for the certifiacte files. I've made them even 0777 just to make sure. Still the same problem. Any ideas?

Brinox commented on 2017-01-18 23:32

@leemeng0x61 Please refer to my comment from 2016-11-23 22:23

leemeng0x61 commented on 2017-01-18 01:36

==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build networkmanager-strongswan.
==> Restart building networkmanager-strongswan ? [y/N]

fixed by:
> gpg --recv-keys 12538F8F689B5F1F15F07BE1765FE26C6B467584

nicolafel commented on 2016-12-28 13:00

--EDIT--
Please ignore the following, it was actually a much more simple issue with file and directory permission.
--/EDIT--

Hi all,
I’m having some trouble setting up a new VPN connections. Every time I set up my cert/key couple I get a dialogue asking for the key password. The problem is that keys that have been created, according to the [strongswan manual](https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA), with

ipsec pki --gen > peerKey.der

do not have a password. This, in turn, produces a series of errors when establishing the connection on the lines of

dic 28 13:40:23 $hostname charon-nm[1923]: 05[LIB] opening '$path_to_key' failed: Permission denied
dic 28 13:40:23 $hostname charon-nm[1923]: 05[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 7 builders

If anyone has already a solution I’m more than happy to hear it, in the meanwhile I suggest to anyone with a working connection not to modify it.
All the best and many thanks to Brinox for making this package availabe :)

Stunts commented on 2016-12-05 22:35

@micsnare:
In order to make it work, you have to edit the PKGBUILD of the package "strongswan".
In line 79, replace:
--enable-bliss

with
--enable-bliss --enable-nm

Build the package, install it and you should be good to go.

micsnare commented on 2016-12-05 22:31

I seem to be having the same issue as Stunts...as I haven't added the --enable-nm option when installing Strongswan.

Where would I enable this when I compile this? Is this meant to go in the PKGBUILD at the beginning when installing the aur package?

Thanks a lot for your help!!

Brinox commented on 2016-11-23 22:23

Please see https://wiki.archlinux.org/index.php/makepkg#Signature_checking

kerjava commented on 2016-11-23 22:12

I seem to be getting a pgp signatures error its says
NetworkManager-strongswan-1.4.1.tar.bz2 .. Failed (unknown public key 765FE26C6B467584)

Any idea what is going one seems problematic

(noob fyi)

Brinox commented on 2016-11-15 23:00

It's very likely you forgot to compile Strongswan with --enable-nm :-)

Stunts commented on 2016-11-15 22:48

After installing this package I can configure a VPN in nm-settings using IKEv2!
However, when trying to activate it I get the following error:
nov 15 22:43:17 VoidCaster NetworkManager[518]: <warn> [1479249797.4126] vpn-connection[--SNIP--]: Could not launch the VPN service. error: Failed to execute child process "/usr/lib/strongswan/charon-nm" (No such file or directory).
Any hints on what could be wrong? Thanks in advance.

Brinox commented on 2016-09-27 16:25

The main strongswan package is responsible for installing this file, not the NetworkManager plugin package. If I would include this file in the package, this will lead to a conflict with the main package, when the new version including the necessary patches will be released.

Thus, I'm preferring to *not* include the policy file in the package. Please install strongswan-git or put the file there yourself, as long as the changes are not included in a release. Please remember to add the configuration option --enable-nm when compiling strongswan.

grawity commented on 2016-09-27 07:00

(And while you're at it, those files are being moved to /usr/share/dbus-1/system.d/ rather than /etc.)

BertVoegele commented on 2016-09-27 06:57

The package doesn't install "nm-strongswan-service.conf" (to /etc/dbus-1/system.d/ ), resulting in an error :
'Connection ":X.YY" is not allowed to own the service "org.freedesktop.NetworkManager.strongswan" due to security policies in the configuration file'.
Just copying the file over from the _original_ source tree (because it's not in the tarball) does solve the issue.

Brinox commented on 2016-09-08 21:45

Updated to v1.4.0, but this requires some changes, that haven't been released in any version yet. Thus, I added a dependency to strongswan >= 5.5.1, even if this version doesn't exist yet.

Please use strongswan-git, as long as there is no release available containing the latest changes.

Brinox commented on 2016-08-16 09:33

A pull request for NetworkManager 1.2 support has been created at the GitHub repo [1], we just have to wait until it gets merged.

[1] https://github.com/strongswan/strongswan/pull/15

Brinox commented on 2016-08-07 17:30

It seems to be already reported here.

https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1578193

It works just fine when using the GNOME settings instead of the NM GUI.

abi commented on 2016-08-07 12:04

Yes. NN tells me that no VPN modules are available.

Brinox commented on 2016-08-07 10:28

Have you added the compile flag for strongswan as I stated in the very first comment?

abi commented on 2016-08-07 09:25

Doesn't work for me. Compiles, but no Strongswan options are available at all, like plugin is not installed.

Anonymous comment on 2016-01-20 12:07

I have provided a separate strongswan-networkmanager package as the strongswan maintainer does not wish to add --enable-nm.

gustawho commented on 2015-12-31 22:26

Please, add 'intltool' at makedepends

jdubs commented on 2015-12-15 22:33

Thanks for being on top of it.

Brinox commented on 2015-12-15 21:53

Thanks for the report, I added a flag so these deprecation warnings aren't treated as errors anymore until upstream fixes this.

jdubs commented on 2015-12-15 16:25

Adding "-Wno-deprecated-declarations" to CFLAGS and CXXFLAGS in /etc/makepkg.conf allowed this package to compile and install. Would this be a case in which the package is out-of-date?

jdubs commented on 2015-12-14 22:49

Just downloaded and installed the latest strongswan AUR package (updated 12-12-2015). When attempting to install this package, I receive the following error:

main.c: In function ‘lookup_password’:
main.c:43:2: error: ‘gnome_keyring_find_network_password_sync’ is deprecated: Use 'SECRET_SCHEMA_COMPAT_NETWORK' instead [-Werror=deprecated-declarations]
if (gnome_keyring_find_network_password_sync(g_get_user_name(), NULL, name,
^
In file included from main.c:25:0:
/usr/include/gnome-keyring-1/gnome-keyring.h:551:20: note: declared here
GnomeKeyringResult gnome_keyring_find_network_password_sync (const char *user,
^
main.c:59:2: error: ‘gnome_keyring_network_password_list_free’ is deprecated [-Werror=deprecated-declarations]
gnome_keyring_network_password_list_free(list);
^
In file included from main.c:25:0:
/usr/include/gnome-keyring-1/gnome-keyring.h:537:6: note: declared here
void gnome_keyring_network_password_list_free (GList *list);
^
main.c: In function ‘main’:
main.c:222:6: error: ‘gnome_keyring_set_network_password_sync’ is deprecated: Use 'SECRET_SCHEMA_COMPAT_NETWORK' instead [-Werror=deprecated-declarations]
if (gnome_keyring_set_network_password_sync(keyring,
^
In file included from main.c:25:0:
/usr/include/gnome-keyring-1/gnome-keyring.h:573:20: note: declared here
GnomeKeyringResult gnome_keyring_set_network_password_sync (const char *keyring,
^
cc1: all warnings being treated as errors
Makefile:393: recipe for target 'nm_strongswan_auth_dialog-main.o' failed
make[2]: *** [nm_strongswan_auth_dialog-main.o] Error 1
make[2]: Leaving directory '/home/jdubs/aur/networkmanager-strongswan/src/NetworkManager-strongswan-1.3.1/auth-dialog'
Makefile:445: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/jdubs/aur/networkmanager-strongswan/src/NetworkManager-strongswan-1.3.1'
Makefile:334: recipe for target 'all' failed
make: *** [all] Error 2
==> ERROR: A failure occurred in build().
Aborting...

Any takers?

TaXules commented on 2015-10-14 21:35

Thanks a lot!

Brinox commented on 2015-10-14 08:54

Done.

TaXules commented on 2015-10-14 04:49

Can you add this patch: https://launchpadlibrarian.net/216531878/nm-strongswan-dialog.ui.broken.patch ?
It is from https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1448879.

Thanks

Brinox commented on 2015-09-10 10:22

!!! IMPORTANT !!!
The strongswan package needs to be compiled with "--enable-nm" to enable NetworkManager support.