[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Is there a workaround to make the Plugin accept PSK with less than 20 characters, e.g. via some CLI tool? And maybe someone could explain where this limitation comes from. As others have pointed out if you connect to a foreign VPN you may not have control over the length of the PSK that they assign you. So you're out of luck in this case. Releated problem: If I select to "Ask for password each time" (translated back from German) in the dropdown of the password field I still can not save the connection. This makes no sense as I explicitely selected to not enter the password here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
This defect persists into Ubuntu 21.04 Hirsute Hippo. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
This problem still persist in my ubuntu 20.04 too this is a great too but need to fix this one bug thank you -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
This problem still persist in Ubuntu 20.04 $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 20.04.1 LTS Release:20.04 Codename: focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
This problem still persist in Ubuntu 18.04 $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 18.04.4 LTS Release:18.04 Codename: bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Hello, This problem still persist in Ubuntu 19.10 network-manager1.20.4-2ubuntu2 network-manager-config-connectivity-ubuntu 1.20.4-2ubuntu2 network-manager-gnome 1.8.22-2ubuntu1 network-manager-strongswan 1.4.4-2 > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 19.10 Release:19.10 Codename: eoan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Same again with me. 16 character PSK, set by my company and is something I have no control over. Is this "strong key" requirement enforced in the GUI only? Or is it a fundamental part of strongswan itself? I.e. could I circumvent it by entering a longer (incorrect) key in the gui and then modify a config file somewhere to hold the correct key? I agree, this feels like a bug. If the server is set up to accept (require) a shorter key, then the fact that the strongswan client is unable to connect seems like an error. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Same situation here. I totally agree with Agustin Rivero (agustin-midokura). Please fix this limitation client-side! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Come on, this a client configuration not a server configuration. In a server you could enforce the user not to use a insecure password. But is it insecure to configure the client wrongly? It's like not allowing a login prompt to enter a short password. Security must be implementing when setting the password in the server not when login in!! A client shouldn't impose restrictions in configuration, otherwise it's not a generic client, it's just a client that works in some cases and not being a technical limitation but a bad decision on where security must be implemented. This applies for not allowing PSK in a client or not allowing a short password in a client. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Yeah, this seems to be pretty bad. I've been asked to connect to a corporate VPN using PSK that only has 7 characters and can't use Network Manager because this 20+ characters limit :(. On Apple (I don't use that, but my boss does) this however works out of the box and with no issues: https://raw.githubusercontent.com/truemetal/ikev2_vpn/master/macos%20setup%20demo%20(PSK).gif -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: network-manager-strongswan (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
> To clear this up, it'd be nice if the interface made it clear that the username field is unused It is not, it defines the identity of the client (i.e. the local identity). > and the password field is the place for the PSK in PSK mode. The tooltip of that field mentions PSKs (in particular the 20 character limit). > None of that is obvious in the current interface. Even though I agree, changing texts of labels is, of course, more complicated than just en-/disabling the fields. And since we don't recommend using PSKs in the first place I don't think there will be much work on this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
Ahhh yeah, our corporate PSK is only ~10 characters. so it sounds like there's no way to support this VPN with the strongswan plugin. that's unfortunate, since I have no way to change corporate IT infrastructure. To clear this up, it'd be nice if the interface made it clear that the username field is unused and the password field is the place for the PSK in PSK mode. None of that is obvious in the current interface. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
> Our Cisco Meraki appliance is expecting both a PSK to with the server, and a username and password for individual client auth. I guess you are referring to IKEv1 XAuth/PSK. The strongSwan NetworkManager plugin does not support this. It only supports IKEv2 (where EAP can be used for username/password authentication after properly authenticating the server with a certificate, which is not possible with a PSK). > Regardless, when I fill in the username and password with PSK selected, the "Add" button remains greyed out and refuses to add the connection to my network settings. That's probably because the PSK you entered is too short (a minimum of 20 characters is enforced). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
I have a username and password field, which should be separate from the PSK field, no? Our Cisco Meraki appliance is expecting both a PSK to with the server, and a username and password for individual client auth. Regardless, when I fill in the username and password with PSK selected, the "Add" button remains greyed out and refuses to add the connection to my network settings. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1697536] Re: nm strongswan gui doesn't have a way to enter pre-shared key
You don't have a Password field? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697536 Title: nm strongswan gui doesn't have a way to enter pre-shared key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1697536/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs