nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

Does not properly call ipsec #227

Open bpersicsmortoff opened 3 months ago

bpersicsmortoff commented 3 months ago

From the logs, it seems that the configured connection is not proper:

NetworkManager[10979]: Usage: ipsec {command} [argument] ...>
NetworkManager[10979]: where {command} is one of:
NetworkManager[10979]:         start                        stop
NetworkManager[10979]:         restart                        status
NetworkManager[10979]:         trafficstatus                traffic
NetworkManager[10979]:         globalstatus                shuntstatus
NetworkManager[10979]:         briefstatus                showstates
NetworkManager[10979]:         fips                        import
NetworkManager[10979]:         initnss                        checknss
NetworkManager[10979]:         checknflog                addconn
NetworkManager[10979]:         algparse                auto
NetworkManager[10979]:         barf                        cavp
NetworkManager[10979]:         ecdsasigkey                getpeercon_server
NetworkManager[10979]:         letsencrypt                look
NetworkManager[10979]:         newhostkey                pluto
NetworkManager[10979]:         readwriteconf                rsasigkey
NetworkManager[10979]:         setup                        show
NetworkManager[10979]:         showhostkey                showroute
NetworkManager[10979]:         verify                        whack

RHEL 9.4, NetworkManager-l2tp 1.20.16-1.el9 from epel.

dkosovic commented 3 months ago

Unfortunately that's a bit of a misleading error message, as just before it is the actual error and issue:

pluto[6586]: failed to add IKEv1 connection: global ikev1-policy does not allow IKEv1 connections

I think I should add something in the code to somehow detect if ikev1-policy is enabled or not, and exit with a more user-friendly error message.

RHEL 9 at some point in its lifecycle has disabled IPsec IKEv1 in the libreswan package they ship, see the fix in the README.md file on how to enable IKEv1:

I would also recommend removing the blacklisting of L2TP kernel modules, also see the README.md file:
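
An added triage example, not part of the thread and not NetworkManager-l2tp code: it pairs each `Usage: ipsec` dump in a log with the nearest preceding pluto "failed to add" line, so the actual rejection reason is reported instead of the usage text. The function name, the lookback window and the sample log (constructed from the lines quoted above) are assumptions.

```python
import re

# Constructed sample: lines quoted in this thread, in the order described
# (the pluto error arrives just before the ipsec usage dump).
SAMPLE_LOG = """\
pluto[6586]: failed to add IKEv1 connection: global ikev1-policy does not allow IKEv1 connections
NetworkManager[10979]: Usage: ipsec {command} [argument] ...>
NetworkManager[10979]: where {command} is one of:
NetworkManager[10979]:         start                        stop
"""

LINE_RE = re.compile(r"^(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PLUTO_FAIL_RE = re.compile(r"^failed to add (?P<ike>IKEv\d) connection: (?P<reason>.+)$")


def find_root_cause(log_text, lookback=20):
    """Return one finding per 'Usage: ipsec' dump, paired with the nearest
    preceding pluto 'failed to add' line within `lookback` parsed lines."""
    parsed = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            parsed.append((m["proc"], m["msg"].strip()))
    findings = []
    for i, (proc, msg) in enumerate(parsed):
        if proc != "NetworkManager" or not msg.startswith("Usage: ipsec"):
            continue
        cause = None
        # Walk backwards so the error closest to the usage dump wins.
        for prev_proc, prev_msg in reversed(parsed[max(0, i - lookback):i]):
            fail = PLUTO_FAIL_RE.match(prev_msg) if prev_proc == "pluto" else None
            if fail:
                cause = {"ike": fail["ike"], "reason": fail["reason"],
                         "ikev1_policy_block": "ikev1-policy" in fail["reason"]}
                break
        findings.append({"usage_dump_at": i, "cause": cause})
    return findings


if __name__ == "__main__":
    for f in find_root_cause(SAMPLE_LOG):
        c = f["cause"]
        if c is None:
            print("ipsec usage dump with no preceding pluto error; check the ipsec invocation")
        elif c["ikev1_policy_block"]:
            print(f"libreswan rejected the {c['ike']} connection: {c['reason']}")
        else:
            print(f"pluto failed to add the connection: {c['reason']}")
```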