
On a Mac, there is an IKEv2 VPN (Settings, Network, Create, VPN, IKEv2). It requires a server address, account name, password, shared secret and group name.

I am trying to sort out what exactly needs to be done to create that connection in Ubuntu. I have tried Strongswan and L2TP and cannot get the connection to come up.

I have the following packages installed:

  • strongswan
  • network-manager-strongswan
  • libcharon-extra-plugins

I tried following the steps at https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#ubuntu-linux, substituting the Phase 1 and Phase 2 settings, which I read directly from the VPN server (aes-sha-modp1024 for both phases), confirmed the lifetimes for the phases are correct, tried with "Enforce UDP encapsulation" enabled and disabled, and tried with "Use IKEv2 key exchange" enabled and disabled.

I reviewed the output from journalctl --no-hostname --unit=NetworkManager | tail -100.

The output included, in part, [IKE] received NO_PROPOSAL_CHOSEN error notify. So back to checking the Phase 1 and Phase 2 algorithms. I confirmed they are correct based on the settings in the VPN server and Strongswan's IKEv1 Cipher Suites documentation (https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites). I tried setting the algorithms as aes-sha-modp1024 and aes-sha-modp1024!.

Thank you in advance.

Update 1 - My question is almost identical to this question Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC? but it looks like in that thread, an answer was removed that may have contained useful information.

  • An answer that has correct and valuable info is not removed by the Mods. If you think you saw something and now it is not there the person who posted the answer removed it. – David Apr 07 '23 at 08:25
  • Although network-manager-l2tp has a "Use IKEv2 key exchange" checkbox, it is not intended to be used for pure IPsec IKEv2 VPN servers that don't use L2TP. As far as I'm aware, there are no commercial L2TP servers that use IKEv2. aes-sha-modp1024 is not supported by strongswan IKEv2 as it is considered too weak and deprecated for security reasons; for legacy reasons, strongswan supports it when using IKEv1. – Douglas Kosovic Apr 26 '23 at 22:35
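As an added example (not from the question or the strongSwan project), here is how the five fields the Mac client asks for map onto a strongSwan swanctl.conf client connection, driven with swanctl instead of the NetworkManager GUI; it follows the comment above in using IKEv1, since that is the only place strongSwan still offers aes-sha-modp1024. The mapping of "group name" to the IKE identity, aggressive mode, and the file name work-vpn are assumptions; values in <...> are placeholders for the server's settings.

```conf
# swanctl.conf fragment, constructed for illustration (assumed file:
# /etc/swanctl/conf.d/work-vpn.conf). Load with: swanctl --load-all
# and bring up with: swanctl --initiate --child work-vpn
connections {
    work-vpn {
        version = 1                       # IKEv1: modp1024/SHA-1 are only offered here
        remote_addrs = <server address>
        # Phase 1 proposal exactly as read from the server; "aes" and "sha"
        # are strongSwan's aliases for aes128 and sha1. Keep it only because
        # the server requires it: a mismatch here yields NO_PROPOSAL_CHOSEN.
        proposals = aes128-sha1-modp1024
        aggressive = yes                  # assumed: group-name/PSK clients usually use aggressive mode
        local {
            auth = psk
            id = <group name>             # assumed: group name is the PSK identity
        }
        remote {
            auth = psk
        }
        local-xauth {
            auth = xauth                  # second round: account name + password
            xauth_id = <account name>
        }
        children {
            work-vpn {
                # Phase 2 proposal, also as read from the server (modp1024 = PFS group 2)
                esp_proposals = aes128-sha1-modp1024
                remote_ts = 0.0.0.0/0     # full tunnel; narrow to the remote subnet if known
                start_action = none
            }
        }
    }
}
secrets {
    ike-work {
        id = <group name>
        secret = <shared secret>
    }
    xauth-work {
        id = <account name>
        secret = <password>
    }
}
```

If the server logs NO_PROPOSAL_CHOSEN again, the proposal strings in this file are the first thing to compare against the server's Phase 1 and Phase 2 settings, since that notify is sent when no offered proposal matches.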
