nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

Failed to connect with certificates #88

Closed tpimont closed 6 years ago

tpimont commented 6 years ago

Hello. First I make a connection to a Windows 2016 server with PSK -> OK. Then I extract certificates from the Windows client machine and truncate into 2 PEM files, cert user and key user; I add cacert too. I just replace PSK with certificates TLS -> KO.

With certificate, the VPN doesn't connect.

dkosovic commented 6 years ago

NetworkManager-1.2.10, which is the current stable version (and is in the nm-1-2 branch of this repository), has no certificate support at all.

The unstable master branch has some certificate support in the GUI, but no backend support as of yet. I started developing certificate support using NSS, but ran into issues due to limitations of what NSS supports. What I want to use is OpenSSL, but it is incompatible with the NetworkManager GPL license; I was hoping OpenSSL with its new license would have been released by now.

tpimont commented 6 years ago

When I saw certificates in the GUI I supposed that was working. OK, I'll wait for that support; I use nm strongswan ikev2 instead.

thanks

dkosovic commented 5 years ago

I've been dragging my feet waiting for OpenSSL 3.0 to be released, which uses the Apache 2.0 license, which is compatible with the GPL v2 license that NetworkManager uses.

NetworkManager-l2tp code in the master branch now supports user and machine TLS certificates. Although OpenSSL 3.0 hasn't been released yet, the code can be built against OpenSSL 1.1.x.

The code supports the following certificate and private key file types:

Notes on certificate and private keys:

The following commit and crypto utility files do most of the TLS certificate backend support in the source code: