I have done a little more looking around and would like to know if what I am seeing from nmcli confirms proper operation of my strongswan VPN.  Here is what I see with wifi up but not the VPN:

wlp5s0: connected to Auto Free WiFi by Karma
    "Broadcom and subsidiaries BCM4313"
    wifi (wl), AC:81:12:A4:5E:43, hw, mtu 1500
    ip4 default
    inet4 192.168.1.114/24
    route4 0.0.0.0/0
    route4 192.168.1.0/24
    route4 169.254.0.0/16
    route4 192.168.1.0/24
    inet6 fe80::562f:7604:6d84:57ca/64
    route6 fe80::/64

enp6s0: disconnected
    "Realtek RTL810xE"
    1 connection available
    ethernet (r8169), B8:70:F4:2C:6B:9F, autoconnect, hw, mtu 1500

lo: unmanaged
    "lo"
    loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
    servers: 192.168.1.1
    interface: wlp5s0

When I enable the VPN this changes to show:

Durgee Enterprises, LLC VPN connection
    master wlp5s0, VPN
    inet4 10.10.10.1/32

wlp5s0: connected to Auto Free WiFi by Karma
    "Broadcom and subsidiaries BCM4313"
    wifi (wl), AC:81:12:A4:5E:43, hw, mtu 1500
    ip4 default
    inet4 192.168.1.114/24
    inet4 10.10.10.1/32
    route4 0.0.0.0/0
    route4 192.168.1.0/24
    route4 169.254.0.0/16
    route4 192.168.1.0/24
    route4 0.0.0.0/0
    inet6 fe80::562f:7604:6d84:57ca/64
    route6 fe80::/64

enp6s0: disconnected
    "Realtek RTL810xE"
    1 connection available
    ethernet (r8169), B8:70:F4:2C:6B:9F, autoconnect, hw, mtu 1500

lo: unmanaged
    "lo"
    loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
    servers: 8.8.8.8 8.8.4.4
    interface: wlp5s0
    type: vpn

    servers: 192.168.1.1
    interface: wlp5s0

Does this confirm proper operation of the VPN?  If not, what other command will confirm it for me?

Assuming this does indeed indicate proper operation of the VPN I will contact support for the applet that fails to indicate the VPN in proper operation for them to correct their display.

Dave

Noel Kuntze wrote:

Hello David,

strongSwan by default builds policy based tunnels, not route based tunnels.
Thus no interface is needed or created.
Read up on how IPsec works on the wiki to get an understanding for it.

GUI indicators are not inherently related to if any tunnel exists, or works.

Kind regards
Noel

On 01.07.21 at 20:31, David H Durgee wrote:
I thought it might make sense to revisit this after the progress that has been made. It now appears that the connection is being established:

Jun 29 11:21:34 Z560 charon-nm: 11[IKE] authentication of 'durgeeenterprises.publicvm.com' with EAP successful
Jun 29 11:21:34 Z560 charon-nm: 11[IKE] IKE_SA Durgee Enterprises, LLC[7] established between 192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]
Jun 29 11:21:34 Z560 charon-nm: 11[IKE] scheduling rekeying in 35705s
Jun 29 11:21:34 Z560 charon-nm: 11[IKE] maximum IKE_SA lifetime 36305s
Jun 29 11:21:34 Z560 charon-nm: 11[IKE] installing new virtual IP 10.10.10.1
Jun 29 11:21:34 Z560 avahi-daemon[750]: Registering new address record for 10.10.10.1 on wlp5s0.IPv4.
Jun 29 11:21:34 Z560 charon-nm: 11[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jun 29 11:21:34 Z560 charon-nm: 11[IKE] CHILD_SA Durgee Enterprises, LLC{4} established with SPIs c8cad4e5_i c3f2eec4_o and TS 10.10.10.1/32 === 0.0.0.0/0
Jun 29 11:21:34 Z560 charon-nm: 11[IKE] peer supports MOBIKE
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.6991] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: VPN connection: (IP Config Get) reply received.
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.6997] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: VPN plugin: state changed: started (4)
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.6997] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: VPN connection: (IP4 Config Get) reply received
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data: VPN Gateway: 108.31.28.59
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data: Tunnel Device: (null)
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data: IPv4 configuration:
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data:   Internal Address: 10.10.10.1
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data:   Internal Prefix: 32
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data:   Internal Point-to-Point Address: 10.10.10.1
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data:   Internal DNS: 8.8.8.8
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data:   Internal DNS: 8.8.4.4
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data:   DNS Domain: '(none)'
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: Data: No IPv6 configuration
Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7013] vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee Enterprises, LLC",0]: VPN connection: (IP Config Get) complete

Unfortunately I am not seeing a tunnel interface being created and routing added:

enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether b8:70:f4:2c:6b:9f  txqueuelen 1000  (Ethernet)
        RX packets 1143393  bytes 1164336056 (1.1 GB)
        RX errors 0  dropped 20  overruns 0  frame 0
        TX packets 912738  bytes 112966285 (112.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 95404  bytes 9207887 (9.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 95404  bytes 9207887 (9.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

wlp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.114  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::562f:7604:6d84:57ca  prefixlen 64  scopeid 0x20<link>
        ether ac:81:12:a4:5e:43  txqueuelen 1000  (Ethernet)
        RX packets 5644  bytes 4264877 (4.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 62520
        TX packets 6377  bytes 1007195 (1.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0
        device interrupt 17

dhdurgee@z560:~/Downloads$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    20600  0        0 wlp5s0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp5s0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp5s0
dhdurgee@z560:~/Downloads$

In case it is needed for reference, here is the ipsec.conf on the server side:

config setup
  charondebug="ike 1, knl 1, cfg 1"
  uniqueids=no

conn ikev2-vpn
  auto=add
  compress=no
  type=tunnel
  keyexchange=ikev2
  fragmentation=yes
  forceencaps=yes
  ike=aes256-sha1-modp2048,aes256-sha1-modp1024,3des-sha1-modp1024!
  esp=aes256-sha1,3des-sha1!
  dpdaction=clear
  dpddelay=300s
  rekey=no
  left=%any
  leftid=@durgeeenterprises.publicvm.com
  leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
  leftsendcert=always
  leftsubnet=0.0.0.0/0
  right=%any
  rightid=%any
  rightauth=eap-mschapv2
  rightsourceip=10.10.10.0/24
  rightdns=8.8.8.8,8.8.4.4
  rightsendcert=never
  eap_identity=%identity

Here is the connection definition from /etc/NetworkManager/system-connections:

[connection]
id=Durgee Enterprises, LLC
uuid=72e4370d-ecfb-4e33-8572-5cf04431abb9
type=vpn
autoconnect=false
permissions=user:dhdurgee:;

[vpn]
address=durgeeenterprises.publicvm.com
certificate=/home/dhdurgee/Downloads/vpn_root_certificate.pem
encap=no
ipcomp=no
method=eap
password-flags=1
proposal=no
user=dhdurgee
virtual=yes
service-type=org.freedesktop.NetworkManager.strongswan

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

[proxy]

The listed connection was created via the GUI.  I have screenshots of the four pages from the GUI available for email as they violate size restrictions of posting here.

As the VPN connection is already working with android and windows systems I want to make no changes to the ipsec.conf on the server. All changes should be made to the linux connection.

I can only assume there are revisions to be made, hopefully via the GUI.  Obviously if the GUI cannot address what is needed I can edit the connection directly.

Alternatively, am I misunderstanding what I am seeing and the tunnel is actually being established?  I see only the WiFi icon on the bar at the bottom of the screen just as I do when opening the WiFi connection. With another VPN service, now discontinued, I showed a different icon indicating the secured tunnel was open.  This other discontinued service likewise created a tun interface and established a route via that interface.

If more information is required please let me know.

Dave
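
Added example, not part of the original thread: with a policy-based tunnel there is no tun interface to look for, so the place to confirm the tunnel is the kernel's IPsec policy database. The sketch below parses `ip xfrm policy` output and checks for ESP tunnel-mode policies matching the traffic selectors from the charon-nm log; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip xfrm policy` output, built from the addresses in
# the charon-nm log above (priorities and reqid are made up).
sample_policies() {
cat <<'EOF'
src 10.10.10.1/32 dst 0.0.0.0/0
    dir out priority 383615
    tmpl src 192.168.1.114 dst 108.31.28.59
        proto esp spi 0xc3f2eec4 reqid 4 mode tunnel
src 0.0.0.0/0 dst 10.10.10.1/32
    dir fwd priority 383615
    tmpl src 108.31.28.59 dst 192.168.1.114
        proto esp reqid 4 mode tunnel
src 0.0.0.0/0 dst 10.10.10.1/32
    dir in priority 383615
    tmpl src 108.31.28.59 dst 192.168.1.114
        proto esp reqid 4 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
EOF
}

# has_tunnel_policy DIR SRC_SEL DST_SEL GATEWAY   (policy text on stdin)
# Succeeds if a policy in direction DIR with exactly those selectors carries
# an ESP tunnel-mode template whose remote endpoint is GATEWAY.
has_tunnel_policy() {
    awk -v dir="$1" -v s="$2" -v d="$3" -v gw="$4" '
        $1 == "src" && $3 == "dst" { sel = ($2 == s && $4 == d); pdir = ""; peer = 0; next }
        $1 == "dir"  { pdir = $2; next }
        # tmpl src A dst B: the gateway is B for outbound, A for in/fwd
        $1 == "tmpl" { peer = (dir == "out") ? ($5 == gw) : ($3 == gw); next }
        $1 == "proto" && $2 == "esp" && sel && pdir == dir && peer {
            for (i = 3; i < NF; i++) if ($i == "mode" && $(i + 1) == "tunnel") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_full_tunnel VIRTUAL_IP GATEWAY   (policy text on stdin)
# A full tunnel (TS virtual-ip/32 === 0.0.0.0/0) needs both directions.
check_full_tunnel() {
    policies=$(cat)
    printf '%s\n' "$policies" | has_tunnel_policy out "$1/32" 0.0.0.0/0 "$2" &&
    printf '%s\n' "$policies" | has_tunnel_policy in 0.0.0.0/0 "$1/32" "$2"
}

if sample_policies | check_full_tunnel 10.10.10.1 108.31.28.59; then
    echo "IPsec policies for the full tunnel are installed"
fi
```

On the client, pipe the real output in as root: `ip xfrm policy | check_full_tunnel 10.10.10.1 108.31.28.59`. strongSwan installs its routes in routing table 220 by default, so `ip route show table 220` shows them where the plain `route` listing does not.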




