irishgordo/L2TP IPsec VPN with NetworkManager in Arch

## L2TP IPsec VPN with NetworkManager in Arch
Recently I had an adventure configuring NetworkManager's CLI and minimal UI, through the app: "nmtui".

Pre-reqs I leveraged:
- A Pacman Wrapper, I used "yay" x-ref: https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers
- "networkmanager-l2tp", x-ref: https://aur.archlinux.org/packages/networkmanager-l2tp/
    - I acquired by ```yay -S networkmanager-l2tp```

The order of actions I took:

1.  Creating a the vpn as a system based connection:
```sudo nmcli connection add type vpn ifname YOUR_VPN_NAME vpn-type l2tp```
2.  Modifying the created connection to leverage asking for the password, instead of relying on secrets:
```
[gordo@smallchonk ~]$ sudo su
[sudo] password for gordo:
[root@smallchonk ~]$ nvim /etc/NetworkManager/system-connections/vpn-YOUR_VPN_NAME.nmconnection


[connection]
id=vpn-YOUR_VPN_NAME
uuid=80565962-f018-423b-ae73-16ea036bb0b3
type=vpn
interface-name=YOUR_VPN_NAME
permissions=

[vpn]
gateway=XXX.YY.AA.BB
ipsec-psk=PSK
password-flags=2
user=YOUR_USER
service-type=org.freedesktop.NetworkManager.l2tp

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

[proxy]

```
^ of course for that chunk replacing it with the name of the desired vpn, user, ipsec-psk desired - and I'm leveraging "password-flags=2" (x-ref: https://developer.gnome.org/NetworkManager/stable/nm-settings.html#secrets-flags) to prompt for the password everytime a connection is desired.
^ and you could use "vi", "nano" or any other text editor you desired
3.  Now let's tell our NetworkManager service to restart: ```systemctl restart NetworkManager```
4.  Then try to connect to your freshly crafted L2TP IPSec VPN Connection, you road-warrior you, ```nmcli c up vpn-YOUR_VPN_NAME --ask```
5.  If everything goes well, it won't prompt you to look into journalctl stuff, but if it does, see below, otherwise you can check the status via: ```[gordo@smallchonk ~]$ nmcli connection show --active``` - check the active ones - or just like check the ip you expect to have given that you're now hooked in like: ```[gordo@smallchonk ~]$ curl ifconfig.me```

Troubleshooting issues, if journalctl -xe reveals something like "ppp_generic" issues post trying the above:
1. Check to see if you have the ppp_generic daemon?
```
[gordo@smallchonk ~]$ which pppd
/usr/bin/pppd
```
2. Check ```sudo nvim /etc/modprobe.d/modules.conf``` ...if it doesn't exist, it's probably solid to build it... if it does exist audit it and look for "alias char-major-108 ppp_generic" existing in the file... if it isn't there,
due to the fact I was running into ppp_generic kernel module issues - x-ref: https://wiki.archlinux.org/index.php/Ppp#pppd_cannot_load_kernel_module_ppp_generic
3. Reboot the device and try again ^

It was a little wonky getting up and running with it but hopefully this might help anyone that ends up stuck on a few things like I was.
	Recently I had an adventure configuring NetworkManager's CLI and minimal UI, through the app: "nmtui".

	Pre-reqs I leveraged:
	- A Pacman Wrapper, I used "yay" x-ref: https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers
	- "networkmanager-l2tp", x-ref: https://aur.archlinux.org/packages/networkmanager-l2tp/
	- I acquired by ```yay -S networkmanager-l2tp```

	The order of actions I took:

	1. Creating a the vpn as a system based connection:
	```sudo nmcli connection add type vpn ifname YOUR_VPN_NAME vpn-type l2tp```
	2. Modifying the created connection to leverage asking for the password, instead of relying on secrets:
	```
	[gordo@smallchonk ~]$ sudo su
	[sudo] password for gordo:
	[root@smallchonk ~]$ nvim /etc/NetworkManager/system-connections/vpn-YOUR_VPN_NAME.nmconnection


	[connection]
	id=vpn-YOUR_VPN_NAME
	uuid=80565962-f018-423b-ae73-16ea036bb0b3
	type=vpn
	interface-name=YOUR_VPN_NAME
	permissions=

	[vpn]
	gateway=XXX.YY.AA.BB
	ipsec-psk=PSK
	password-flags=2
	user=YOUR_USER
	service-type=org.freedesktop.NetworkManager.l2tp

	[ipv4]
	dns-search=
	method=auto

	[ipv6]
	addr-gen-mode=stable-privacy
	dns-search=
	method=auto

	[proxy]

	```
	^ of course for that chunk replacing it with the name of the desired vpn, user, ipsec-psk desired - and I'm leveraging "password-flags=2" (x-ref: https://developer.gnome.org/NetworkManager/stable/nm-settings.html#secrets-flags) to prompt for the password everytime a connection is desired.
	^ and you could use "vi", "nano" or any other text editor you desired
	3. Now let's tell our NetworkManager service to restart: ```systemctl restart NetworkManager```
	4. Then try to connect to your freshly crafted L2TP IPSec VPN Connection, you road-warrior you, ```nmcli c up vpn-YOUR_VPN_NAME --ask```
	5. If everything goes well, it won't prompt you to look into journalctl stuff, but if it does, see below, otherwise you can check the status via: ```[gordo@smallchonk ~]$ nmcli connection show --active``` - check the active ones - or just like check the ip you expect to have given that you're now hooked in like: ```[gordo@smallchonk ~]$ curl ifconfig.me```

	Troubleshooting issues, if journalctl -xe reveals something like "ppp_generic" issues post trying the above:
	1. Check to see if you have the ppp_generic daemon?
	```
	[gordo@smallchonk ~]$ which pppd
	/usr/bin/pppd
	```
	2. Check ```sudo nvim /etc/modprobe.d/modules.conf``` ...if it doesn't exist, it's probably solid to build it... if it does exist audit it and look for "alias char-major-108 ppp_generic" existing in the file... if it isn't there,
	due to the fact I was running into ppp_generic kernel module issues - x-ref: https://wiki.archlinux.org/index.php/Ppp#pppd_cannot_load_kernel_module_ppp_generic
	3. Reboot the device and try again ^

	It was a little wonky getting up and running with it but hopefully this might help anyone that ends up stuck on a few things like I was.