Difference between revisions of "Vpnsec Linux install"

From Cncz
Jump to: navigation, search
Line 41: Line 41:
  
 
[[Bestand:vpnsec_linux_6.png|400px]]
 
[[Bestand:vpnsec_linux_6.png|400px]]
 +
 +
=== [Bekende problemen][Known problems] ===
 +
 +
[nl]
 +
Als de VPN-verbinding gemaakt is, maar <verb>ping ns1.science.ru.nl</verb> werkt niet, terwijl <verb>ping 131.174.224.4</verb> wel werkt, dan kan de reden zijn dat <verb>dnsmasq</verb> dit veroorzaakt. Dat kan opgelost worden door de DNS-cache van dnsmasq niet te gebruiken, zie [http://askubuntu.com/questions/320921/having-dns-issues-when-connected-to-a-vpn-in-ubuntu-13-04 Ask Ubuntu: DNS problem when connected to a VPN]:
 +
[/nl]
 +
[en]
 +
If the VPN connection has been established, but <verb>ping ns1.science.ru.nl</verb> doesn't work, while <verb>ping 131.174.224.4</verb> does work, then probably <verb>dnsmasq</verb> is the culprit. This can be solved bij disabling the dnsmasq DNS cache, as is described in [http://askubuntu.com/questions/320921/having-dns-issues-when-connected-to-a-vpn-in-ubuntu-13-04 Ask Ubuntu: DNS problem when connected to a VPN]:
 +
[/en]
 +
<pre>
 +
First make sure that there are no lines beginning with nameserver in any files in /etc/resolvconf/resolv.conf.d.
 +
If /etc/resolvconf/resolv.conf.d/tail is a symbolic link to target original, make it point to /dev/null.
 +
 +
Second, disconnect from the VPN. Edit /etc/NetworkManager/NetworkManager.conf
 +
 +
$ sudo gedit /etc/NetworkManager/NetworkManager.conf
 +
 +
and comment out
 +
 +
dns=dnsmasq
 +
 +
(i.e., add a # so that it looks like the following)
 +
 +
#dns=dnsmasq
 +
 +
and then
 +
 +
sudo service network-manager restart
 +
</pre>

Revision as of 15:25, 25 February 2016

This procedure assumes using NetworkManager.

Install the required software:

# aptitude install network-manager-strongswan strongswan-plugin-eap-mschapv2
The following NEW packages will be installed:
  libstrongswan{a} network-manager-strongswan strongswan-ike{a} strongswan-nm{a}
  strongswan-plugin-eap-mschapv2 strongswan-plugin-openssl{a} 
...

# service network-manager stop
network-manager stop/waiting
# service network-manager start
network-manager start/running, process 29031

Configuration:

Select the NetworkManager applet and after that Edit Connections...

Vpnsec linux 2.png

Click Add, select IPsec/IKEv2 in the section VPN, click Create

Vpnsec linux 3.png

Enter data at:Connection name, Address (vpnsec.science.ru.nl), loginname, etc. and check the marks where needed.

Vpnsec linux 4.png

Save: (Save and Close)

Vpnsec linux 5.png

Start the VPN. Select the NetworkManager applet, next VPN Connections and finally the connection created.

Vpnsec linux 6.png

Known problems

If the VPN connection has been established, but <verb>ping ns1.science.ru.nl</verb> doesn't work, while <verb>ping 131.174.224.4</verb> does work, then probably <verb>dnsmasq</verb> is the culprit. This can be solved bij disabling the dnsmasq DNS cache, as is described in Ask Ubuntu: DNS problem when connected to a VPN:

First make sure that there are no lines beginning with nameserver in any files in /etc/resolvconf/resolv.conf.d.
If /etc/resolvconf/resolv.conf.d/tail is a symbolic link to target original, make it point to /dev/null.

Second, disconnect from the VPN. Edit /etc/NetworkManager/NetworkManager.conf

$ sudo gedit /etc/NetworkManager/NetworkManager.conf

and comment out

dns=dnsmasq

(i.e., add a # so that it looks like the following)

#dns=dnsmasq

and then

sudo service network-manager restart