30

enter image description here

Previously, I was trying to figure out how to install the L2TP/IPSEC manager code. I guess Ubuntu/Canonical switched away from OpenSwan to StrongSwan, but didn't really announce it. So that was figured out in this AskUbuntu question: L2TP IPsec VPN client on Ubuntu 14.10

Since then, I've been trying to figure out how to use Pre-Shared Keys for Authentication to the Server. As shown in the screenshot, the Network Manager allows for a Certificate (.pem file), but not a Pre-shared key.

My network admin doesn't want to mess around with Certs because PSKs are good enough for the situation we're working with. I've already tested these PSKs with Windows and they work great.

He's given me 4 pieces of info.

  • Server name
  • PSK for said server
  • User name
  • password for said username

I can see on this screenshot where to put the server name and username, but cannot see where to put the PSK for the server, nor where to enter the password (maybe I'm prompted for that at connection time.)

Anyone know how to do this?

UPDATE: So I tried hackerb9's suggestion, but it didn't appear to do anything. I also tried alci's suggestion of downloading the 1.3.1 version of Network-Manager for L2TP and compiling manually. After installing a bunch of packages and re-running ./configure a few times, I eventually was able to "make" and then "make install" the code.

The plug-in for network manager now shows a Pre-shared Key option, but it still doesn't work. It now looks like this:

enter image description here

The problem with this is that the "Certificate" option is still being displayed (instead of the Pre-shared key field.)

Where in this Ubuntu Network Manager plugin am I supposed to enter the Pre-shared Key for Server authentication?

As an example for contrast, in Windows 8, it has an option that looks like this:

enter image description here

Pretzel
  • 2
    It seems PSK was added in version 1.3.1 of the nm plugin, but utopic (or debian, for that matter) ships 1.3.0... see https://wiki.strongswan.org/issues/254 Maybe you should try to build it from http://download.strongswan.org/NetworkManager/ – alci Feb 20 '15 at 21:46
  • Ok, I'll give that a shot. – Pretzel Feb 23 '15 at 20:40
  • 2
    So, I downloaded the source, ran the ./configure (which required that I install like 5 to 10 more missing packages), then ran make, and make install. Now, Pre-Shared Key shows up as an option in drop down for client. Unfortunately, Pre-Shared is still not an option for Server. (I'm using Pre-shared keys for both the Authentication to the Server as well as Username/Client AUTH.) – Pretzel Feb 27 '15 at 17:21
  • 1
    Hey @Pretzel. Did you end up getting it working? I have the same exact issue (with the addition that I am using Gnome 3), and so far no success :S. – jlengrand May 10 '15 at 18:59
  • 3
    Keep in mind that strongswan does not provide support for the l2tp part of L2TP/IPsec, but only for the IPsec. All settings in network-manager-strongswan relate to IKEv2. –  Oct 06 '15 at 07:42

2 Answers

8

If you want a GUI solution, you can install an L2TP Network Manager plugin from a PPA.

It can be done by

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp-gnome

It works with trusty and xenial, but the author did not build packages for vivid.

After you install the package you will be able to configure an L2TP connection in Network Manager.

Update: Now the packages have been included in official Ubuntu repositories and PPA is not needed for Ubuntu 18.04+.

For new Ubuntu releases just run:

sudo apt-get install network-manager-l2tp-gnome


Pilot6
7

Are you comfortable with editing configuration files with a text editor? If so, I believe the answer of where to put the PSK is /etc/ipsec.secrets. You can try something like this:

: PSK "strongSwan" 

The file is documented in man ipsec.secrets or you can read about it here:

https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets

Let us know if that doesn't work for you.

hackerb9
  • Editing? Sure, no problem. I'll give this a shot and report back. – Pretzel Feb 23 '15 at 19:13
  • 3
    Ok, I tried that. It prompted me for a password and said "VPN connection failed because of invalid VPN secrets." (As a side note, I found Windows eminently more helpful when it failed to connect. It usually had an error code/number. Where might I go to look for an error code? /var/log/ ???) – Pretzel Feb 23 '15 at 19:18
  • 1
    @Pretzel You need to add this information (and the one from the other answer) into your question so that it's obvious to new people looking at the question. – Jorge Castro Feb 25 '15 at 19:33
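
A check for the /etc/ipsec.secrets approach from the second answer, added here as an example (not code from the answers or from strongSwan): it flags the sample secret left in place, short PSKs, entries with no ID selectors, and a file mode that lets other users read the key. The function name, the 20-character minimum and the sample file contents are assumptions made for this example.

```python
import os
import re
import stat
import tempfile

PLACEHOLDERS = {"strongSwan"}  # sample secret shown in the answer above
MIN_LEN = 20                   # assumed local policy, not a strongSwan rule

def lint_secrets(path):
    """Return [(line_no, finding)] for an ipsec.secrets-style file; line 0 = whole file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append((0, f"mode {mode:04o}: accessible beyond the owner"))
    psk_lines = 0
    with open(path, encoding="utf-8") as fh:
        for no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            # Entry layout: "[selectors] : TYPE secret". The separating colon
            # stands alone, so colons inside IPv6 selectors do not split the line.
            parts = re.split(r"(?:^|\s):\s+", line, maxsplit=1)
            if len(parts) != 2:
                continue
            fields = parts[1].split(None, 1)
            if len(fields) != 2 or fields[0] != "PSK":
                continue
            psk_lines += 1
            secret = fields[1].strip()
            if not parts[0].strip():
                findings.append((no, "no ID selectors: secret applies to any peer"))
            if len(secret) >= 2 and secret[0] == secret[-1] == '"':
                value = secret[1:-1]
                if value in PLACEHOLDERS:
                    findings.append((no, "documentation placeholder left as the PSK"))
                elif len(value) < MIN_LEN:
                    findings.append((no, f"PSK shorter than {MIN_LEN} characters"))
    if psk_lines == 0:
        findings.append((0, "no PSK entry found"))
    return findings

if __name__ == "__main__":
    # Constructed sample: the line from the answer, in a world-readable file.
    fd, sample = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(': PSK "strongSwan"\n')
    os.chmod(sample, 0o644)
    for no, msg in lint_secrets(sample):
        print(f"line {no}: {msg}")
    os.remove(sample)
```

To check a real system, call `lint_secrets("/etc/ipsec.secrets")` as root, since the file should not be readable by anyone else.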