vpn

Setting up strongSwan on Ubuntu 22.04 and 24.04 with NetworkManager

28 September 2024 in Bash / GNU/Linux tagged bash / GNU/Linux / network manager / strongswan / ubuntu / vpn by Tux

For Ubuntu users who need to configure strongSwan (an open-source IPsec VPN solution) using NetworkManager on Ubuntu 22.04 or 24.04, simply installing the network-manager-strongswan package is not sufficient. Additional plugins and libraries are required to enable full functionality for various VPN configurations, including advanced authentication methods and protocol support.

Required Packages

To ensure strongSwan works seamlessly with NetworkManager, install the following packages:

network-manager-strongswan: This package integrates strongSwan into NetworkManager, allowing you to manage VPN connections using a graphical user interface (GUI). It adds support for IKEv2/IPsec VPNs.
libcharon-extra-plugins: This package provides additional plugins for strongSwan’s IKE daemon (charon), extending its functionality to handle different encryption algorithms, key exchange mechanisms, and advanced authentication protocols.
libstrongswan-extra-plugins: These extra plugins offer support for more cryptographic algorithms and authentication methods, enhancing compatibility with various VPN configurations. This includes EAP-based methods commonly used in VPN setups.

Step-by-Step Installation

To install the necessary packages, follow these steps:

Update the package list to ensure you have the latest versions available:

1	`sudo apt update`

Install the strongSwan NetworkManager plugin along with the extra plugin packages:

sudo apt install network-manager-strongswan libcharon-extra-plugins libstrongswan-extra-plugins

Restart NetworkManager to apply the changes:

1	`sudo systemctl restart NetworkManager`

Configuring a VPN Connection

Once the necessary packages are installed and NetworkManager has been restarted, you can proceed to configure a VPN connection using the GUI:

Open Settings → Network.
Click the + button next to the VPN section.
Select IPSec/IKEv2 (strongSwan) from the list of available VPN types.
Enter the required connection details, including the server address, username, password, and any pre-shared keys or certificates as provided by your VPN provider.

For advanced VPN configurations, you may also need to specify custom encryption settings or certificate paths under the Advanced settings in the VPN configuration window.

Troubleshooting

If you encounter issues connecting to the VPN, you can check the system logs for more detailed information:

sudo journalctl -xe
sudo journalctl -u NetworkManager

These logs may provide insight into common issues, such as authentication failures, certificate problems, or configuration mismatches.

Conclusion

To successfully configure and use strongSwan VPNs with NetworkManager on Ubuntu 22.04 and 24.04, you must install three key packages: network-manager-strongswan, libcharon-extra-plugins, and libstrongswan-extra-plugins. These packages extend the capabilities of strongSwan, providing compatibility with a wide range of VPN configurations, cryptographic algorithms, and authentication methods.

By ensuring these packages are installed and properly configured, you can easily manage your strongSwan VPN connections through the Ubuntu NetworkManager GUI.

Fedora 24: Solution to gcrypt.h: No such file or directory

8 October 2016 in C tagged C++ / decrypt / fedora / gcc / libgcrypt-devel / linux / vpn / vpnc by Tux

Recently we tried to compile cisco-decrypt.c* on Fedora 24 (64bit).
We got the full source code from the website of Maurice Massar.
Download full source code here: [download id=”2078″]

We needed this tool to configure the Gnome 3 native network client to connect to a specific Cisco VPN network.
During the configuration we setup a “Cisco Compatible VPN (vpnc)” VPN.

* Please note that this tool is NOT a hacking nor cracking tool. In order for you to make any use of it, you need to have a valid PCF file given to you by your system administrator. It is only useful when you need to get the group password to configure a system that does not accept the PCF file with the encrypted password.

To compile the code you can use one of the following two methods:

Compilation method 1

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

If the package libgcrypt-devel is not installed you will get a prompt message as follows, which will instruct you to install the missing package.
You need to type y to both questions so that the installation will proceed. Once the installation is done, execute once more the compilation command.

As you can see below, you might get a whole bunch of errors, ignore them and try to compile once more. It seems to be a bug that will not affect the end result (at least in this scenario).

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
bash: libgcrypt-config: command not found...
Install package 'libgcrypt-devel' to provide command 'libgcrypt-config'? [N/y] y

Proceed with changes? [N/y] y

gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Loading: No such file or directory
gcc: error: list: No such file or directory
gcc: error: of: No such file or directory
gcc: error: packages....: No such file or directory
gcc: error: The: No such file or directory
gcc: error: following: No such file or directory
gcc: error: packages: No such file or directory
gcc: error: have: No such file or directory
gcc: error: to: No such file or directory
gcc: error: be: No such file or directory
gcc: error: installed:: No such file or directory
gcc: error: libgcrypt-devel-1.6.6-1.fc24.x86_64: No such file or directory
gcc: error: Development: No such file or directory
gcc: error: files: No such file or directory
gcc: error: for: No such file or directory
gcc: error: the: No such file or directory
gcc: error: libgcrypt: No such file or directory
gcc: error: package: No such file or directory
gcc: error: libgpg-error-devel-1.24-1.fc24.x86_64: No such file or directory
gcc: error: Development: No such file or directory
gcc: error: files: No such file or directory
gcc: error: for: No such file or directory
gcc: error: the: No such file or directory
gcc: error: libgpg-error: No such file or directory
gcc: error: package: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: for: No such file or directory
gcc: error: authentication...: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Downloading: No such file or directory
gcc: error: packages...: No such file or directory
gcc: error: Requesting: No such file or directory
gcc: error: data...: No such file or directory
gcc: error: Testing: No such file or directory
gcc: error: changes...: No such file or directory
gcc: error: Installing: No such file or directory
gcc: error: packages...: No such file or directory

Compilation method 2

In case the above method does not work for you for some reason, you can try the following.

1	`gcc` `-Wall -o cisco-decrypt cisco-decrypt.c -lgcrypt`

If the package libgcrypt-devel is not installed you will get an error as follows.

gcc -Wall -o cisco-decrypt cisco-decrypt.c -lgcrypt
cisco-decrypt.c:30:20: fatal error: gcrypt.h: No such file or directory
 #include <gcrypt.h>
                    ^
compilation terminated.

In this case use

1	`sudo` `dnf` `install` `libgcrypt-devel`

to install the missing library and try again to compile.

To use

Open your PCF file with a text editor. Find the line that starts with enc_GroupPwd= and copy the characters after that.

Paste the characters as the first command line argument to the newly compiled application. The password will be the line returned right after.

./cisco-decrypt 886E2FC74BFCD8B6FAF47784C386A50D0C1A5D0528D1E682B7EBAB6B2E91E792E389914767193F9114FA26C1E192034754F85FC97ED36509
Th!sIsMyK3y#

Other notes

In the case you get these errors:

/tmp/ccHrH1kZ.o: In function `c_decrypt':
cisco-decrypt.c:(.text+0x243): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x267): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x2b4): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x31d): undefined reference to `gcry_cipher_open'
cisco-decrypt.c:(.text+0x33b): undefined reference to `gcry_cipher_setkey'
cisco-decrypt.c:(.text+0x356): undefined reference to `gcry_cipher_setiv'
cisco-decrypt.c:(.text+0x382): undefined reference to `gcry_cipher_decrypt'
cisco-decrypt.c:(.text+0x391): undefined reference to `gcry_cipher_close'
/tmp/ccHrH1kZ.o: In function `main':
cisco-decrypt.c:(.text+0x41e): undefined reference to `gcry_check_version'
collect2: error: ld returned 1 exit status

It most probably means that you did not add on your compilation command one of the following two parameters

$(libgcrypt-config –libs –cflags)
-lgcrypt

You need one of these two options to be on the command line to compile.

Bytefreaks.net – a place for hacks