On 1/24/22 02:00, Tobias Brunner wrote:
> Hi Daniel,
>
>> Removing the blank "certificate=" line from the VPN connection config in
>> /etc/NetworkManager/system-connections/ restores the original behavior.
>> However, modifying the connection config in NetworkManager will again add
>> the blank "certificate=" line, once again breaking the connection config.
>
> I can't reproduce this. What does the "Certificate" file chooser
> display when you open the editor? "(None)"?
>
> Regards,
> Tobias

Perhaps I wasn't clear. Applying any change to any field in the
NetworkManager strongswan VPN plugin config will write a text config
file with the 'certificate=' line. For example, the following resulting
connection config snippet would be broken because no certificate was
specified in the GUI:
...
[vpn]
address=vpn.example.com
certificate=
encap=yes
...
Changing that snippet to the following makes the connection work using
system certificates:
...
[vpn]
address=vpn.example.com
encap=yes
...
Notice the missing 'certificate=' line. However, any change made in the
GUI would restore the certificate= line as shown below:
...
[vpn]
address=different-vpn.example.com
certificate=
encap=yes
...
Thus, manually modifying the GUI-created VPN config is a temporary
workaround, but it will break eventually when the user applies
something in the GUI, and a new config is written out.
The GUI config should not include a 'certificate=' line when the GUI's
"Certificate:" field is left blank. Alternatively, strongswan should
assume 'certificate=' indicates the system certificates should be used.
Does that answer your question?
--
Daniel Fussell
CAEDM Linux Administrator
BYU College of Engineering
240 EB, Provo UT 84602
801-422-5351
dfuss...@byu.edu
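
The manual workaround described in the message above, as an added example (not part of the original e-mail and not code from NetworkManager or strongSwan): a Python function that removes a blank 'certificate=' line from the [vpn] section of a connection keyfile and reports which lines it dropped. The sample keyfile text and the [example-other] section are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
# Matches "certificate=" with nothing (or only whitespace) after the "=".
BLANK_CERT_RE = re.compile(r"^\s*certificate\s*=\s*$")

# Constructed sample, modelled on the snippet quoted in the message.
SAMPLE = """[connection]
id=example-vpn
type=vpn

[vpn]
address=vpn.example.com
certificate=
encap=yes

[example-other]
certificate=
"""


def strip_blank_certificate(keyfile_text):
    """Return (cleaned_text, removed_line_numbers).

    Only a blank 'certificate=' inside [vpn] is removed; a line that
    names a certificate file, or the same key in another section, is kept.
    """
    section = None
    kept, removed = [], []
    for lineno, line in enumerate(keyfile_text.splitlines(keepends=True), 1):
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
        elif section == "vpn" and BLANK_CERT_RE.match(line):
            removed.append(lineno)
            continue
        kept.append(line)
    return "".join(kept), removed


if __name__ == "__main__":
    cleaned, removed = strip_blank_certificate(SAMPLE)
    print("removed line(s):", removed)
    print(cleaned, end="")
```

As the message notes, any later change applied in the GUI writes the blank line back, so a check like this has to be re-run after each edit; `nmcli connection reload` makes NetworkManager re-read the files afterwards.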