hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Private key password #1202

Closed alfonder closed 2 years ago

alfonder commented 2 years ago

Describe the issue: VPN server works. I've added IKEv2 client on Fedora according to the instruction here. But it requires a private key decryption password (see screenshot). There is no option to skip the password. I haven't defined any password, so I don't know where I should get it.

Server (please complete the following information)

Client (please complete the following information)

Additional context: Gnome 42 used, client connection via NetworkManager created.

Screenshot from 2022-07-27 08-38-23

hwdsl2 commented 2 years ago

@alfonder Hello! This seems to be a bug in NetworkManager (requests a password for an unencrypted private key). If you followed these instructions to configure the Linux VPN client, the private key should not have a password. You can try establishing the connection from a terminal. See: https://wiki.strongswan.org/issues/3428#note-5

Another option might be to add a password to the private key using openssl, then retry the connection.
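The check and the workaround from the comment above, as an added example that is not part of the thread or the project's scripts: `key_is_encrypted` confirms from the PEM headers whether a key really has no passphrase, and `add_key_passphrase` writes an encrypted copy with openssl. The function names and every file path are assumptions; the thread does not name the client key file.

```shell
#!/bin/sh
# Added example, not from the thread. All file paths are placeholders.

# Exit 0 if the PEM private key in $1 is passphrase-protected, 1 otherwise.
# Encrypted PKCS#8 keys start with "BEGIN ENCRYPTED PRIVATE KEY"; encrypted
# traditional (PKCS#1/SEC1) keys carry a "Proc-Type: 4,ENCRYPTED" header.
key_is_encrypted() {
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
             -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Write an AES-256 encrypted PKCS#8 copy of key $1 to $2. The passphrase is
# read from the first line of file $3, keeping it out of argv and history.
add_key_passphrase() {
    ( umask 077
      openssl pkcs8 -topk8 -v2 aes-256-cbc \
          -in "$1" -out "$2" -passout "file:$3" )
}

# Exit 0 if key $1 can be loaded using the passphrase stored in file $2.
key_opens_with() {
    openssl pkey -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Round trip on a throwaway key generated here (constructed sample data).
roundtrip_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$d/pass"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/plain.key" 2>/dev/null &&
    ! key_is_encrypted "$d/plain.key" &&
    add_key_passphrase "$d/plain.key" "$d/enc.key" "$d/pass" &&
    key_is_encrypted "$d/enc.key" &&
    key_opens_with "$d/enc.key" "$d/pass"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Keep the original key until the encrypted copy has been verified with `key_opens_with`, and delete the passphrase file once the passphrase is stored in the client.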

letoams commented 2 years ago

On Tue, 26 Jul 2022, Alexander Fomichev wrote:

Describe the issue: VPN server works. I've added IKEv2 client on Fedora according to the instruction here. But it requires a private key decryption password (see screenshot). There is no option to skip the password. I haven't defined any password, so I don't know where I should get it.

We don't support passwords on key files as libreswan only supports importing PKCS#12 files. Those can have a password but "ipsec import" will ask you for it.

We do support a password on the entire NSS database, which can be put in /etc/ipsec.d/nsspassword (or the value you set in ipsec.conf in "config setup" using the nsspassword= option).

See https://libreswan.org/wiki/HOWTO:_Using_NSS_with_libreswan

Paul