search

hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Other
25.26k stars 6.32k forks source link

Fedora 38 can't use keys #1464

Closed sm1ly closed 1 year ago

sm1ly commented 1 year ago

Hello everybody. I using Fedora 38, I follow instrictions to add VPN config, and when I try to connect - it always ask me a password to use generated keys, cause I have no paswword I cant do it (I tried "space", empty, etc, nothing helps)

thats what I see in my local logs. I used 600 and 777 rights also. doesnt help. always ask password.

сен 24 07:55:03 deathboard NetworkManager[4565]: <info>  [1695531303.4022] vpn[0x56245efe5000,26ecacea-f8eb-47b6-85e2-c14575cd010f,"sm1ly"]: starting strongswan
сен 24 07:55:03 deathboard NetworkManager[4565]: <info>  [1695531303.4026] audit: op="connection-activate" uuid="26ecacea-f8eb-47b6-85e2-c14575cd010f" name="sm1ly" pid=60340 uid=1000 result="success"
сен 24 07:55:03 deathboard charon-nm[61362]: 06[LIB]   opening '/home/sm1ly/ipsec_configs_wrk/sm1ly_work.key' failed: Permission denied
сен 24 07:55:03 deathboard charon-nm[61362]: 06[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
сен 24 07:55:03 deathboard charon-nm[61362]: 06[LIB]   opening '/home/sm1ly/ipsec_configs_wrk/sm1ly_work.key' failed: Permission denied
сен 24 07:55:03 deathboard charon-nm[61362]: 06[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
сен 24 07:55:06 deathboard charon-nm[61362]: 06[LIB]   opening '/home/sm1ly/ipsec_configs_wrk/sm1ly_work.key' failed: Permission denied
сен 24 07:55:06 deathboard charon-nm[61362]: 06[LIB] building CRED_PRIVATE_KEY - ANY failed, tried 7 builders
сен 24 07:55:06 deathboard charon-nm[61362]: 06[CFG] received initiate for NetworkManager connection sm1ly
сен 24 07:55:06 deathboard charon-nm[61362]: 06[LIB]   opening '/home/sm1ly/ipsec_configs_wrk/ca.cer' failed: Permission denied
сен 24 07:55:06 deathboard charon-nm[61362]: 06[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
сен 24 07:55:06 deathboard NetworkManager[4565]: <warn>  [1695531306.5200] vpn[0x56245efe5000,26ecacea-f8eb-47b6-85e2-c14575cd010f,"sm1ly"]: failed to connect: 'Loading gateway certificate failed.'
сен 24 07:55:11 deathboard systemd[1]: systemd-hostnamed.service: Deactivated successfully.

when I try to use console and make nmcli c up, I got this:

сен 24 08:05:17 deathboard NetworkManager[4565]: <info>  [1695531917.5838] vpn[0x56245f061cb0,fa2cecff-ea57-4f73-a712-7988c5b5214b,"sm1ly"]: starting strongswan
сен 24 08:05:17 deathboard NetworkManager[4565]: <warn>  [1695531917.6098] vpn[0x56245f061cb0,fa2cecff-ea57-4f73-a712-7988c5b5214b,"sm1ly"]: secrets: failed to request VPN secrets #3: No agents were available for this request.
hwdsl2 commented 1 year ago

@sm1ly Hello! This looks like a bug in Fedora Linux. See the following links for more information and possible workarounds. I would suggest that you open an issue in the Fedora Linux bug tracker. https://bugzilla.redhat.com/show_bug.cgi?id=1389913 https://bugzilla.redhat.com/show_bug.cgi?id=1394977

You may also try adding a password to the private key, although it may not help in this case.

For IKEv2 instructions for Linux clients, including how to connect using the command line, please refer to: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#linux

sm1ly commented 1 year ago

@hwdsl2 Hello! But console doesnt work also...

hwdsl2 commented 1 year ago

@sm1ly Please refer to the first link I mentioned above. This may be a Fedora Linux bug. https://bugzilla.redhat.com/show_bug.cgi?id=1389913