Hookin' in an L2TP IPsec VPN to NetworkManager in Arch
Recently I had an adventure configuring NetworkManager's CLI and minimal UI, through the app: "nmtui".
Pre-reqs I leveraged:
- A Pacman Wrapper, I used "yay" x-ref: https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers
- "networkmanager-l2tp", x-ref: https://aur.archlinux.org/packages/networkmanager-l2tp/
- I acquired it by ```yay -S networkmanager-l2tp```
The order of actions I took:
1. Creating the VPN as a system-based connection:
```sudo nmcli connection add type vpn ifname YOUR_VPN_NAME vpn-type l2tp```
2. Modifying the created connection to leverage asking for the password, instead of relying on secrets:
```
[gordo@smallchonk ~]$ sudo su
[sudo] password for gordo:
[root@smallchonk ~]$ nvim /etc/NetworkManager/system-connections/vpn-YOUR_VPN_NAME.nmconnection
[connection]
id=vpn-YOUR_VPN_NAME
uuid=80565962-f018-423b-ae73-16ea036bb0b3
type=vpn
interface-name=YOUR_VPN_NAME
permissions=
[vpn]
gateway=XXX.YY.AA.BB
ipsec-psk=PSK
password-flags=2
user=YOUR_USER
service-type=org.freedesktop.NetworkManager.l2tp
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
[proxy]
```
^ of course, for that chunk, replace the placeholders with the name of the desired VPN, the user and the ipsec-psk - and I'm leveraging "password-flags=2" (x-ref: https://developer.gnome.org/NetworkManager/stable/nm-settings.html#secrets-flags) to prompt for the password every time a connection is desired.
^ and you could use "vi", "nano" or any other text editor you desired
3. Now let's tell our NetworkManager service to restart: ```systemctl restart NetworkManager```
4. Then try to connect to your freshly crafted L2TP IPSec VPN Connection, you road-warrior you, ```nmcli c up vpn-YOUR_VPN_NAME --ask```
5. If everything goes well, it won't prompt you to look into journalctl stuff, but if it does, see below, otherwise you can check the status via: ```[gordo@smallchonk ~]$ nmcli connection show --active``` - check the active ones - or just like check the ip you expect to have given that you're now hooked in like: ```[gordo@smallchonk ~]$ curl ifconfig.me```
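A check for the keyfile edited in step 2, added here as an example and not part of the original gist: it reports the file mode, decodes "password-flags", and flags secrets left in the file. The function names are made up for this example, the sample values are constructed, and it assumes GNU `stat` and that NetworkManager expects keyfiles to be mode 600.

```bash
#!/usr/bin/env bash
# Added example: audit how an .nmconnection keyfile handles VPN secrets.
# NetworkManager secret flags: 0 = stored by NM in the file, 1 = agent-owned,
# 2 = not saved (prompt every time), 4 = not required.
describe_flags() {
    case "$1" in
        0) echo "stored-in-file" ;;
        1) echo "agent-owned" ;;
        2) echo "not-saved" ;;
        4) echo "not-required" ;;
        *) echo "combined-or-unknown($1)" ;;
    esac
}

# Print the value of KEY ($3) inside [SECTION] ($2) of keyfile $1, if present.
keyfile_get() {
    awk -F= -v sec="[$2]" -v key="$3" '
        /^\[/ { in_sec = ($0 == sec); next }
        in_sec && $1 == key { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# Returns 0 when no finding, 1 on a finding, 2 if the file cannot be read.
audit_nmconnection() {
    local file=$1 rc=0 mode flags
    mode=$(stat -c %a "$file") || return 2
    if [ "$mode" = 600 ]; then echo "OK mode=600"
    else echo "FAIL mode=$mode (expected 600)"; rc=1; fi
    flags=$(keyfile_get "$file" vpn password-flags)
    flags=${flags:-0}   # an absent flags key means 0
    echo "INFO password-flags=$flags ($(describe_flags "$flags"))"
    if [ -n "$(keyfile_get "$file" vpn-secrets password)" ]; then
        echo "FAIL password is stored in [vpn-secrets]"; rc=1
    fi
    if [ -n "$(keyfile_get "$file" vpn ipsec-psk)" ]; then
        echo "WARN ipsec-psk is stored in plaintext in this file"
    fi
    return $rc
}

# With no argument, run against a constructed sample (placeholder values).
if [ -z "${1:-}" ]; then
    sample=$(mktemp)
    printf '%s\n' '[vpn]' 'ipsec-psk=constructed-psk' 'password-flags=2' > "$sample"
    audit_nmconnection "$sample"; rm -f "$sample"
else
    audit_nmconnection "$1"
fi
```

Run it as root against the real file, since the keyfile is not readable by other users.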
Troubleshooting issues, if journalctl -xe reveals something like "ppp_generic" issues post trying the above:
1. Check to see if you have the ppp daemon, pppd, installed:
```
[gordo@smallchonk ~]$ which pppd
/usr/bin/pppd
```
2. Check ```sudo nvim /etc/modprobe.d/modules.conf``` ...if it doesn't exist, it's probably solid to build it... if it does exist, audit it and look for "alias char-major-108 ppp_generic" existing in the file... if it isn't there, add it, due to the fact I was running into ppp_generic kernel module issues - x-ref: https://wiki.archlinux.org/index.php/Ppp#pppd_cannot_load_kernel_module_ppp_generic
3. Reboot the device and try again ^
It was a little wonky getting up and running with it but hopefully this might help anyone that ends up stuck on a few things like I was.