Package: network-manager-strongswan Version: 1.3.0-1.1 Severity: normal I have tried to connect to my university's VPN, instructions at http://www.ucs.cam.ac.uk/vpn/generic
I have used the network-manager interface, as described at https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager The VPN connection fails, and this is what syslog reports: Dec 23 10:44:05 polya dbus[2938]: [system] Activating service name='org.freedesktop.hostname1' (using servicehelper) Dec 23 10:44:05 polya dbus[2938]: [system] Successfully activated service 'org.freedesktop.hostname1' Dec 23 10:44:55 polya NetworkManager[12487]: <info> VPN connection 'VPN connection 1' (ConnectInteractive) reply received. Dec 23 10:44:55 polya charon-nm: 10[CFG] received initiate for NetworkManager connection VPN connection 1 Dec 23 10:44:55 polya charon-nm: 10[CFG] using gateway certificate, identity 'OU=Domain Control Validated, CN=vpn.uis.cam.ac.uk' Dec 23 10:44:55 polya NetworkManager[12487]: <info> VPN plugin state changed: starting (3) Dec 23 10:44:55 polya charon-nm: 10[IKE] initiating IKE_SA VPN connection 1[13] to 192.153.213.116 Dec 23 10:44:55 polya charon-nm: 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Dec 23 10:44:55 polya charon-nm: 10[NET] sending packet: from 192.168.0.6[59438] to 192.153.213.116[500] (1024 bytes) Dec 23 10:44:55 polya NetworkManager[12487]: <info> VPN connection 'VPN connection 1' (Connect) reply received. Dec 23 10:44:55 polya charon-nm: 03[NET] received packet: from 192.153.213.116[500] to 192.168.0.6[59438] (38 bytes) Dec 23 10:44:55 polya charon-nm: 03[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] Dec 23 10:44:55 polya charon-nm: 03[IKE] peer didn't accept DH group MODP_2048, it requested MODP_1024 Dec 23 10:44:55 polya charon-nm: 03[IKE] initiating IKE_SA VPN connection 1[13] to 192.153.213.116 Dec 23 10:44:55 polya charon-nm: 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Dec 23 10:44:55 polya charon-nm: 03[NET] sending packet: from 192.168.0.6[59438] to 192.153.213.116[500] (896 bytes) Dec 23 10:44:55 polya charon-nm: 06[NET] received packet: from 192.153.213.116[500] to 192.168.0.6[59438] (312 bytes) Dec 23 10:44:55 polya charon-nm: 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] Dec 23 10:44:55 polya charon-nm: 06[IKE] local host is behind NAT, sending keep alives Dec 23 10:44:55 polya charon-nm: 06[IKE] establishing CHILD_SA VPN connection 1 Dec 23 10:44:55 polya charon-nm: 06[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] Dec 23 10:44:55 polya charon-nm: 06[NET] sending packet: from 192.168.0.6[4500] to 192.153.213.116[4500] (364 bytes) Dec 23 10:44:55 polya charon-nm: 04[NET] received packet: from 192.153.213.116[4500] to 192.168.0.6[4500] (412 bytes) Dec 23 10:44:55 polya charon-nm: 04[ENC] parsed IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ] Dec 23 10:44:55 polya charon-nm: 04[CFG] no issuer certificate found for "OU=Domain Control Validated, CN=vpn.uis.cam.ac.uk" Dec 23 10:44:55 polya charon-nm: 04[CFG] using trusted certificate "OU=Domain Control Validated, CN=vpn.uis.cam.ac.uk" Dec 23 10:44:55 polya charon-nm: 04[IKE] authentication of 'OU=Domain Control Validated, CN=vpn.uis.cam.ac.uk' with RSA signature successful Dec 23 10:44:55 polya charon-nm: 04[IKE] server requested EAP_IDENTITY (id 0x00), sending 'jd...@cam.ac.uk' Dec 23 10:44:55 polya charon-nm: 04[IKE] EAP_IDENTITY not supported, sending EAP_NAK Dec 23 10:44:55 polya charon-nm: 04[ENC] generating IKE_AUTH request 2 [ EAP/RES/NAK ] Dec 23 10:44:55 polya charon-nm: 04[NET] sending packet: from 192.168.0.6[4500] to 192.153.213.116[4500] (76 bytes) Dec 23 10:44:55 polya charon-nm: 05[NET] received packet: from 192.153.213.116[4500] to 192.168.0.6[4500] (76 bytes) Dec 23 10:44:55 polya charon-nm: 05[ENC] parsed IKE_AUTH response 2 [ EAP/FAIL ] Dec 23 10:44:55 polya charon-nm: 05[IKE] received EAP_FAILURE, EAP authentication failed Dec 23 10:44:55 polya charon-nm: 05[ENC] generating INFORMATIONAL request 3 [ N(AUTH_FAILED) ] Dec 23 10:44:55 polya charon-nm: 05[NET] sending packet: from 192.168.0.6[4500] to 192.153.213.116[4500] (76 bytes) Dec 23 10:44:55 polya NetworkManager[12487]: <warn> VPN plugin failed: connect-failed (1) Dec 23 10:44:55 polya NetworkManager[12487]: <info> VPN plugin state changed: stopped (6) Dec 23 10:44:55 polya NetworkManager[12487]: <info> VPN plugin state change reason: unknown (0) Dec 23 10:44:55 polya NetworkManager[12487]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active. What might I be doing wrong? I have libcharon-extra-plugins installed and have not modified any configuration files beyond the one listed below. Thanks! Julian -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages network-manager-strongswan depends on: ii gconf-service 3.2.6-3 ii libart-2.0-2 2.3.21-2 ii libatk1.0-0 2.14.0-1 ii libbonobo2-0 2.32.1-3 ii libbonoboui2-0 2.24.5-2 ii libc6 2.19-13 ii libcairo2 1.14.0-2.1 ii libdbus-1-3 1.8.12-1 ii libdbus-glib-1-2 0.102-1 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-2 ii libgconf-2-4 3.2.6-3 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-0 2.42.1-1 ii libgnome-2-0 2.32.1-5 ii libgnome-keyring0 3.12.0-1+b1 ii libgnomecanvas2-0 2.30.3-2 ii libgnomeui-0 2.24.5-3 ii libgnomevfs2-0 1:2.24.4-6+b1 ii libgtk2.0-0 2.24.25-1 ii libice6 2:1.0.9-1+b1 ii libnm-glib-vpn1 0.9.10.0-4 ii libnm-glib4 0.9.10.0-4 ii libnm-util2 0.9.10.0-4 ii liborbit-2-0 1:2.14.19-0.3 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-0 1.36.8-3 ii libpopt0 1.16-10 ii libsm6 2:1.2.2-1+b1 ii network-manager 0.9.10.0-4 ii strongswan-nm 5.2.1-4 network-manager-strongswan recommends no packages. network-manager-strongswan suggests no packages. -- Configuration Files: /etc/NetworkManager/VPN/nm-strongswan-service.name changed: [VPN Connection] name=strongswan service=org.freedesktop.NetworkManager.strongswan program=/usr/lib/ipsec/charon-nm [GNOME] auth-dialog=/usr/lib/NetworkManager/nm-strongswan-auth-dialog properties=/usr/lib/NetworkManager/libnm-strongswan-properties -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
