install packages first:
yay -S xl2tpd strongswan networkmanager-l2tp
ref: https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup
yay: https://github.com/Jguer/yay
then reboot or systemctl restart NetworkManager
nmcli c add con-name CON_NAME type vpn vpn-type l2tp vpn.data 'gateway=GATEWAY_HOST, ipsec-enabled=yes, ipsec-psk=PRE_SHARED_KEY, password-flags=2, user=USERNAME'
nmcli c edit CON_NAME # interactive mode, type help for manual
nmcli c up CON_NAME
nmcli c down CON_NAME
nmcli c delete CON_NAME
- password-flags=0 => Save password in plain text
- password-flags=1 => Save encrypted password
- password-flags=2 => Don't save password, ask when needed
  - when using this, nmcli c up CON_NAME --ask is needed
- Gateway is the IP of the VPN server
- User name is the given user
- Password can be left blank to enter when connecting
- click the IPsec Settings... button
  - Check Enable IPsec tunnel to L2TP host
  - paste the PSK into Pre-shared key
  - IMPORTANT: Uncheck Enable IPsec tunnel to L2TP host before clicking the OK button, I think this is a bug
- click the Add button and enable
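
Given the IPsec checkbox quirk described above, it is worth checking what was actually saved: the script below reads a profile's vpn.data and reports if IPsec is off, if no PSK is stored, or if password-flags=0 is in use. It is an added example, not part of the original notes; the function names and finding labels are made up here, and it assumes the PSK lives in vpn.data as in the nmcli c add command (if your plugin version keeps it elsewhere, ignore psk-missing).

```sh
#!/bin/sh
# Audit an L2TP/IPsec profile's vpn.data string (added example, hypothetical helper names).
# Live input:  nmcli -g vpn.data c show CON_NAME
# Assumes comma-separated key=value pairs as in the "nmcli c add" command above;
# spaces around "=" and "," are tolerated.

# vpn_data_get DATA KEY -> prints KEY's value, or nothing if the key is absent.
vpn_data_get() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" |
        head -n 1
}

# audit_vpn_data DATA -> prints "ok" (exit 0) or a space-separated finding list (exit 1).
# The PSK value itself is never printed, only whether one is present.
audit_vpn_data() {
    data=$1
    findings=""
    ipsec=$(vpn_data_get "$data" ipsec-enabled)
    psk=$(vpn_data_get "$data" ipsec-psk)
    flags=$(vpn_data_get "$data" password-flags)

    # IPsec switched off: the L2TP tunnel would not be wrapped in IPsec.
    [ "$ipsec" = "yes" ] || findings="$findings ipsec-disabled"
    # IPsec on but no PSK stored here (a PSK that did not survive the settings dialog).
    if [ "$ipsec" = "yes" ] && [ -z "$psk" ]; then
        findings="$findings psk-missing"
    fi
    # password-flags=0 is the "save password in plain text" mode from the list above.
    [ "$flags" != "0" ] || findings="$findings password-plaintext"

    if [ -n "$findings" ]; then
        echo "${findings# }"
        return 1
    fi
    echo ok
}

# Audit a live profile only when a connection name is given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_vpn_data "$(nmcli -g vpn.data c show "$1")"
fi
```

Save it as a script and pass CON_NAME as the only argument; a non-zero exit status means at least one finding was printed.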
In the last step, if I choose to uncheck it (Enable IPsec tunnel to L2TP host), then after I fail to connect to this VPN, the next time I click the settings section, the pre-shared key disappears.
Another thing I am confused about is that when I type:
systemctl --type=service
there is no such thing like networkmanager-l2tp. Is that normal?