CONNECTING TO LANCOM VPN VIA NETWORKMANAGER / STRONGSWAN

Recently my wife switched from Windows to Linux on her personal laptop. She also uses the device to connect to her employer’s VPN through a BYOD policy, so I wanted to setup the VPN connection, an excercise I expected to take all of two minutes. Ha-ha, right.

Fair warning: I understand very little about VPNs, so if any terms below are incorrect, that is simply the extent of my understanding.

The setup: The company uses LANCom VPN and Pre-Shared Key (PSK) for authentication. LANCom uses IKEv2, which is supported by NetworkManager through StrongSWAN.

First try: I exported the configuration from the LANCom VPN client as an .ini file, checked the export secrets and export certificates checkboxes, and tried to import that in NetworkManager. Nope, error message said that there is no support for this type of VPN.

Second try: I entered the setup manually: Server address, Certificate I left as “None”, Identity I set to the username seen in LANCom VPN Client, Authentication set to “Pre-sharedh Key”, Identity again to the username, Password to the password from the ini file. This time, NetworkManager wouldn’t even let me save the connection. Why? Fscking no idea.

This is where I started to contact their admin. He had no idea about any certificates, but helped me identify the correct PSK, which was NOT the one from the exported configuration.

A few hours of trying, searching, and failing later I took a break to get something to eat.

MORE searching commenced and I found out that I have to provide a certificate, and it is the HTTPS certificate of the VPN Server. So I used Firefox to export that certificate including the certificate chain and added it to the configuration. Still, I couldn’t connect.

Another long while later I figured out that the PSK MUST BE at least 20 characters for NetworkManager to accept it. Why? No idea. LANCom is fine with it being 16 characters.

Again I contacted the admin, asked him to increase the PSK to 20 characters, which he did. NOW it works! So, if you are looking to connect to LANCom VPN from Linux using NetworkManage-StrangSWAN, here’s a screenshot:

EOF

Category: blog

Tags: VPN Linux LANCom NetworkManager